Pattie Lovett-Reid: 5 ways to protect yourself against a cyberattack

By Pattie Lovett-Reid

Online investing technology computers keyboard computer internet

Online investing , File photo

Pattie Lovett-Reid

Chief Financial Commentator, CTV

Follow|Archive

An historic cyberattack that hit computers around the world, including here in Canada, is believed to be the largest online extortion attempt ever recorded. On Friday, the WannaCry ransomware worm targeted computers that run hospitals, banks, and government agencies. User’s files were held for ransom. It crippled the British health-care system, forcing thousands of medical treatments to be cancelled or postponed. A hospital in southern Ontario was also affected.

The incident is a major reminder to companies and consumers alike to secure their systems and devices — but if history is any indication, it won’t work.

Although more people than ever are at risk of being hacked, most still don’t take basic security precautions, a January study from Pew Research Center found. Nearly 30 per cent of smartphone users don’t even use a lock screen password on their phone. Some 54 per cent of Internet users have accessed public Wi-Fi networks, which put them at risk of being hacked — and one in five of those users admit to using a public network for sensitive services like banking, according to the study.

When it comes to passwords, numerous studies have found people use passwords that are less secure than they would like because they are simple to remember. Passwords like "123456" and "passwords" topped lists of emails and passwords most frequently used on hacker forums for the second year in a row.

Here are a few precautions to protect yourself:

1. Spend one hour per week reviewing your financial documents. Check your credit cards thoroughly, review yours bills and question any unauthorized purchases or transactions.

2. Set up real-time alerts. Most financial institutions offer real-time notification services that allow them to contact you in the event of a purchase or attempt considered to be unusual. You can put limits in place and chose how to be notified – email, text, or call to validate.

3. Change your passwords monthly. Creating strong passwords is important. Coming up with obvious passwords such as your birthdate or initials do not pass muster. Studies have shown that more than 50 per cent of Internet users use weak passwords. If you create passwords using your address, birthday or phone number, and this information is acquired via cyber theft, all of your personal data becomes vulnerable. Be creative and make your passwords strong by using a random combination of letters, numbers and symbols that have no connection to you or your family. Some recommend a short sentence (for example: the sun is shining).

4. Keep your private information private. Don't share your passwords with family members and pay close attention to what sort of information you give out over the phone or online. A simple rule: do not provide your passwords or personal information to unsolicited callers. When searching new websites, to ensure its security, make sure there is a closed lock symbol at the bottom right of the screen. Web addresses that begin with “https” are generally secure, and if you click on the lock symbol on the bottom right, it will display the same “https” address.

5. Subscribe to identity protection. What the bad guys' malware does is sneak into private files, grab your credit card and personal information and sneak out. There are numerous identity protection companies who will monitor your credit cards, and other data often for a fee. You can explore options via TransUnion or Equifax.

The current attack has hit over 200,000 computers across at least 150 countries, targeting Microsoft operating systems; however, China suggests that number could be closer to 1 million. Microsoft and the affected countries are now offering free security fixes to everyone affected. The reality is the malware hit computers that hadn't updated operating systems and exploited a vulnerability.

On a personal level, hopefully, your information or data is never obtained by cyber thieves. It is obvious that even the most secure computer networks are susceptible to attack. The least we can do is take control where we can and help to lessen our own vulnerability to an attack.