Individual Americans don’t need to worry – at least not immediately – that their personal information was rifled through or stolen in the recently discovered intrusion into U.S. computer systems that officials suspect was the work of Russian hackers, cybersecurity experts say.
But it’s unclear what the hackers could do in the future. So the cyber attacks are an important reminder that all systems – including those we use daily – are vulnerable. And, says Craig Danuloff, CEO of The Privacy Co., there is more we can do to protect ourselves.
“At a high level, I would say that this isn’t a direct concern for ‘regular folks’ except in what it demonstrates about the potential for even the most secure and protected digital assets to be successfully attacked by those with enough resources and determination,” said Danuloff, whose company makes an app to help people secure their information.
All of the cyber attacks appear aimed at gaining access to information from governments or potentially corporations.
“I’ve seen no indication that the aim or impact was on personal data,” Danuloff said.
What you need to know about FireEye hack:Cybersecurity attack against U.S. government
When a top cybersecurity firm is hacked:What is the takeaway for the average netizen?
But, he said, the risk doesn’t end there.
“The fact that the root of this incident includes the compromise of some core security tools themselves, however, does open the potential for future uses of this exploit,” he said.
The good news: There are immediate steps that you can take to make your personal information more secure.
Danuloff offered five tips on how to make your information less vulnerable to hackers.
- Do not re-use passwords on any important accounts. “That way if the password list from Company A is stolen, hackers cannot use that list to get into your account at Company B,” he said.
- Use two-factor authentication wherever possible, especially on important accounts.
- Choose platforms that use end-to-end encryption for your data. “Files or photos sitting in cloud storage can be stolen,” he said. “If they’re in a database that has no keys or just one master key, all of your personal data has a much higher likelihood of being stolen, accessed, and maybe even shared publicly.”
- Don’t give up your data to every site that asks for it. “Data that isn’t there can’t be stolen,” Danuloff said. All kinds of services ask for your address, phone number, even your Social Security number. “The vast majority of them don’t need it,” he said. So give them “alternative facts.” Use burner email accounts.
- Use a personal monitoring service that informs you when your data has been stolen in a hack or when there are signs of identity theft. These are useful tools, he said, “to stay ahead of potentially costly or complicated problems.”