Cybercrime is any violation of federal, state, or local statute, or malicious or suspicious activity, in which a computer, network or device is an integral component of the violation. Examples can include: a malicious cyber criminal breaking into a computer to steal information (computer intrusion) or to change a website (website defacement); malware being placed on a computer without the owner's permission; and that malware using that computer's resources to send spam.
Cybercrime actors can generally be classified into several categories: lone hackers, script kiddies, insiders, hacktivists, terrorists, nation-states, and organized cyber criminal groups. The motivations for committing cybercrime will vary and can include a desire for recognition or promotion of an ideology; theft of money or information for industrial espionage; or the creation of widespread disruption. Cybercrime is big business. Between October 1, 2013, and December 31, 2014, for example, U.S. victims lost nearly $180 million through a scam known as the Business Email Compromise.[i] One underground market has more than 14 million U.S. credit cards for sale.[ii] The creators of the CryptoLocker ransomware earned approximately $300,000 profit in its first 100 days.[iii]
Cybercrime, whether from malware on a single computer or the recent high-profile hacks against Sony, Target, Home Depot and others, impacts everyone. Below are some key practices you can use to help minimize your risk of being a victim:
Make sure your computer, smartphones, and tablets are safe. Use privacy and security settings in your software, email system and web browsers. New strains of malicious software are appearing all the time, so it is imperative to regularly update your anti-virus software to identify and thwart the newest threats.
Be sure to install all software updates as soon as they are offered; using the "auto update" setting is the best way to ensure timely updates. Similarly, make sure you keep your operating system and any third-party plug-ins that you use updated.
Never use simple or easy-to-guess passwords like "123456" or "p@$$word" or "football." Cybercriminals use automated programs that will try every word in the dictionary in a few minutes. When creating a password, use at least 10 characters, with a combination of uppercase and lowercase letters, numbers, and symbols.
Be cautious about all communications you receive, including those purported to be from friends and family, and be careful when clicking on links in those messages. When in doubt, delete the message.
Be aware of financial and sensitive information you give out. Cybercriminals will look at your social networking webpage to find information about you. Remember, many of the answers to website and bank security questions can be found online, like the color of your car (remember posting that picture of you standing in front of your car?) and your mother's maiden name. Use privacy settings to limit who can see the details of your social network pages, and be smart about what you decide to share online.
Cybercriminals find loopholes, and your accounts may get hacked through no fault of your own, so review your financial statements regularly. Contact your financial institution immediately if you see any suspicious-looking activity.
The following resources can help with reporting cyber crime:
FBI Internet Crime Complaint Center - http://www.ic3.gov/default.aspx
The information provided in the Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.