After the year we’ve had, do you need any more convincing that your personal information is constantly being exposed to hackers?

It wasn’t just the Equifax hack, which leaked 145.5 million Social Security numbers, or the WannaCry ransomware attack that locked up our computers and demanded a ransom paid in bitcoins.

Even the security software on millions of our computers became suspect when, for example, the US government banned the widely popular Kaspersky Lab software over concerns about connections to the Russian government. And experts made us question whether we can trust the invisible systems that connect our devices to the internet, like Wi-Fi.

But as scary as all this news is, I don’t recommend putting your fingers in your ears and chanting “fa la la la” until the next hack (though sometimes I’m tempted to do that myself).

The good news is that even as things get worse, you can still do a lot to protect yourself from many types of cyberattacks. In fact, it’s because these trends aren’t likely to turn around in 2018 that you should do all of the following:

Start by backing up your photos, music and other important stuff. Also, update all your software. If you’re not doing these two things, the rest of this is useless.
Next, learn how to adopt some of the increasingly easy-to-use tools for locking down your accounts, like authentication apps, Yubikeys and services like Google Now that come with an authentication tool built in.
Finally, don’t give up on security software — you’ll still need it in 2018 with the way things are going.
Sound like too much work? You should really carve out some time for this stuff. If you’ll permit me to be Debbie Downer for a moment, our security situation is likely to get worse, not better in 2018. Here’s how.

Ransomware will get sneakier, so your backups will be even more important

It’s hard to imagine how ransomware could get much worse. In the WannaCry attack, hackers used NSA hacking tools that leaked into the criminal underworld, repurposing them to launch ransomware at regular computer users.

But the attacks will get stealthier, according to Dave Dufour, vice president of cybersecurity and engineering at Webroot. That’s because hackers are coming up with ransomware attacks that are harder for consumer security products to detect. Instead of running files on your computer that your antivirus software can flag as malicious, hackers will rely more on code that looks legitimate because it runs in programs like Microsoft Word.

Patch your phone, patch your Mac, patch your Windows machine.
Dave Dufour, VP, Webroot
Antivirus tools will have to catch up with that trend to protect consumers. But if you don’t want to wait for that to happen (and you shouldn’t), you can keep backups of your files on the cloud and on external devices, Dufour said.

“If you back it up, you don’t have to care about ransomware,” Dufour said.

There’s one more thing you should do to prevent the pain of ransomware. Consider the ransomware attacks of 2017: “Many of them could have been mitigated by patching your systems,” Dufour said. “Patch your phone, patch your Mac, patch your Windows machine.”

Data breaches will continue, so don’t just rely on passwords

The passwords you and I use daily are a terrible security tool that we only rely on because nothing better has come along.

I mean, really, if someone said they’d protect your bank account with a key that anyone can copy at any moment, you probably wouldn’t use it. But that’s what we do with passwords.

Fortunately, that’s beginning to change. More ways to log in and unlock devices came on the scene this year, and you can expect more in 2018.

Apple made the biggest splash here by introducing FaceID in the iPhone X — the first widely available device using facial recognition technology. FaceID raised privacy concerns and inspired attempts to fool the technology with masks. But if users find it as simple and intuitive to use as Apple’s Touch ID fingerprint system, it will add your face to the list of biometrics that can lock down your accounts.

Better security is getting easier

There’s another tool for keeping your accounts secure that’s getting safer and easier to use, though it’s not quite as futuristic and sexy as a 3D scan of your face.

It’s called two-factor authentication.

This system works by adding another step to your login process, so just having your password isn’t enough for malicious actors to get into your accounts. I know, that’s more work for you, and remembering your password is hard enough. But if you use it, you’ll get to feel smug instead of scared the next time there’s a data breach like the one that, as we learned in October, affected all 3 billion Yahoo accounts.

Popular services are adopting more convenient ways for you to use two-factor authentication. In 2017, Facebook started letting you use a piece of physical hardware called a Yubikey to verify your identity. You plug in the device to your computer’s USB drive and tap it to get into your account. Google introduced Google Prompt, which lets you tap a button on your phone to verify your identity when you log into your accounts.

That’s way easier — and safer — than the industry standard of years past, which was entering in a one-time code sent by SMS to your phone.

Security software is still your friend

Things got a little weird this year with security software like antivirus scanners and password managers. Kaspersky antivirus software was banned from US government computers and taken off the shelves by some retailers. Password manager LastPass patched a big security flaw, and OneLogin got hacked. And dozens of antivirus apps on the Google Play store turned out to be malicious.

Security software will continue to be a target for hackers, who would love to trick you into downloading a malicious tool with high-level access to your computer or phone. But that software is still the best (and sometimes only) way to stop some of the most prevalent hacking attacks.

Unless you’re some kind of memory savant, password managers are the only sensible way for you to use unique passwords on all your accounts. That helps keep one data breach at, say, Yahoo, from letting hackers access more of your accounts.

And despite concerns about compromised or outright malicious antivirus scanners, the software hasn’t outlived its usefulness yet. That’s according to Jerome Segura, a security researcher at Malwarebytes, a firm that focuses on catching malicious code that traditional antivirus software can’t catch.

“It’s important to have security software, especially if you’re running Windows,” Segura said.

All that being said, these steps only mitigate damage caused by hackers. As the companies that protect and store our data keep getting compromised, we’ll likely all receive another helping of apologies and free credit monitoring in 2018.

“You are kind of at the mercy of companies if they get hacked,” Segura said.

View full post on National Cyber Security Ventures