Life Hack: How to protect yourself from a cyber attack

It is suspected that the group managed to obtain or steal credentials of someone with admin access to the management system, removing all devices connected to the network. This is sure to have had a detrimental financial impact on the company.

While it is an extreme example, it did happen on our doorstep, so cyber attacks are not happening to a distant ‘other’ — these are Irish people and jobs affected.

The Garda National Cyber Crime Bureau (GNCCB), which investigates cyber-dependent crimes, has useful advice widely available in this area.

With this in mind, there are steps everyone can take to protect digital data and devices from a range of attacks.

What is cybercrime?

According to the GNCCB, which investigates cyber-dependent crimes, cybercrime is the use of a computer to further or commit illegal acts. It falls under two primary categories: cyber-dependent crime and cyber-enabled crime.

Cyber-dependent crimes are those that cannot be committed without a computer being involved because the computer is the target of the crime, such as the unauthorised accessing of data, interference with computer systems or data and data interception. These include deliberately injecting viruses or encryption malware (ransomware) into a system or denial of service attacks, where a system is bombarded with requests and unable to function properly.

Cyber-enabled crime includes traditional crimes such as fraud or harassment, except that they are committed over a computer network. Over 70% of fraud is now committed online and can range from fraudulent emails and fake friend requests to offers that seem too good to be true.

How to protect my personal information?

Individuals are frequently targeted by hackers and online abusers. Cyber frauds and fake profiles are being used to deprive victims of their property and their privacy, often with devastating consequences.

Be careful when posting online — don’t share something you would not say in person. 

Change your passwords regularly and avoid using passwords with personal links like pet names or dates of birth — you may have shared a pet’s name on Instagram or been tagged on Facebook marking a birthday, so these guesses are easy to make.

Don’t respond to unsolicited friend requests or emails asking for personal information or to update bank or other accounts.

Use multi-factor authentication for account or device access.

How to protect my company?

A cyber attack on a business can have a devastating impact, not just financially. The cost of a cyberattack can be high and range from reputational damage, data loss and recovery costs to the possibility of fines for breach of regulation.

While large-scale organisations like Stryker and the HSE have been targeted in recent years, SMEs have increasingly found themselves on the receiving end of unwanted cyber attention from criminals and curious hackers.

Over 40% of ransomware attacks arise from phishing emails, where the victim clicks on a link and enables infected malware to install and encrypt the device or network, highlighting the importance of educating staff about the risks they face in their inbox. Have a cyber response plan and test it regularly. Train yourself and your staff to recognise and respond.

Use a separate network or the cloud for secure and separate backups. Use a VPN to connect to a corporate network and never use public wifi to send or share sensitive information.

Update/patch software and applications regularly from reliable official sources.

Never pay a ransom demand. It may not be the final one, and you may not get the data back.

Monitor network traffic. Increased emails may suggest a Denial of Service (DoS) attack.

What to do if I’m attacked?

It’s very important that you speak up and report it, whether you’re affected by an individual attack or a wider cyber attack at work. The faster it’s reported, the less damage may be done.

Data protection rules like GDPR require companies to report data breaches where personal data may have been compromised, but the GNCCB also recommends reporting attacks to the gardaí.

“Reporting cyber-attacks to law enforcement should be an integral part of a corporate cyber culture and not one that is forced or compelled through fear of prosecution or penalty for data breach. After all, it is only through collaboration that the risk of cyberattacks can be minimised. It takes a network to defeat a network.”