by Reese Kimmons, MS ISA
With many nations choosing sides in the Ukrainian conflict and Russia implementing cyber warfare tactics as part of its battle strategy, cybersecurity experts are warning that things could get much worse in the near future.
Nations expressing or providing some level of support for Ukraine are already experiencing a greater than expected increase in cybersecurity incidents.
Russian cyber attacks targeting other governments are nothing new. Nation state threat actors in Russia have been targeting the U.S. for years. In 2020, Russian hackers managed to gain at least some level of internal access to multiple agencies of the U.S. federal government.
Now, security experts are warning of an increased potential for even more damaging attacks focusing on fiber optic trunk cables, Internet services, GPS systems, financial institutions, water treatment plants, supply chains, and the power grid.
It is time to prepare for whatever may happen next. Planning for the potentially disastrous impacts of a successful large-scale cyber attack is similar to preparing for natural disasters.
We have compiled a number of sensible, practical and achievable tips, tasks and hints that all families should look at implementing.
Even if the cybersecurity experts’ predictions are wrong, following the recommendations within this article will raise your level of cybersecurity. You’ll also be better prepared for any disruptive or disastrous event that may occur.
Tips for maintaining your cell phone during an emergency
Even if cellular services aren’t targeted in an attack they can be overloaded with traffic as a result, especially if the attack’s impacts are widespread. If this occurs and you are unable to make voice calls, try using your texting app, instead.
Text messages require less bandwidth and may reach their intended recipients when voice calls will not.
Attacks may target the power grid, so having alternative methods available to charge your phone is recommended. You may have a home generator, but there could be a disruption in your fuel supply or you may be forced to leave your residence.
Power banks should be kept fully charged at all times just in case they’re needed. Quality power banks sell for around $20 but the more powerful models are priced higher.
You may also wish to check into solar chargers, but understand that these devices are usually more expensive than power banks and take longer to charge your device. Still, if no power source is available to recharge your phone or your power bank, a solar charger could be your only option for maintaining communications.
If your home Internet service goes down during an attack or if you are traveling, your phone’s hotspot service could be your only means of accessing the Internet with your PC or laptop. Familiarize yourself with the procedure for using your phone as a hotspot so that you’ll be ready to do so if the need arises.
It’s also a good idea to review your stored contacts periodically. Make sure the numbers are correct and that you have contact information for those who you would need to reach during an emergency.
Create contacts with your local law enforcement and fire departments’ non-emergency numbers. If you have a local emergency management office, include that contact information as well.
Should you need to relocate during a cyber attack or other disruptive event, these agencies may be able to provide you with information about evacuation routes and travel conditions.
Many emergency management agencies provide services that allow citizens to sign up for emergency text updates and alerts.
Now is the time to get a VPN
If you do not already have virtual private network (VPN) applications for your home computer, tablet, and cell phone, you should.
A VPN creates a secure tunnel between your device and the sites you visit and encrypts all of the data transmitted and received through that tunnel. Even if a bad actor is eavesdropping on the network and intercepts your data, he or she cannot decrypt and read it.
If you are must connect to public Wi-Fi during an emergency or at any other time, be sure to use a VPN.
Public Wi-Fi networks are inherently dangerous, with cybercriminals often camping out on them to try and intercept sensitive data or deploy malware. You should never connect to public Wi-Fi without using a VPN.
If you aren’t familiar with VPNs and would like additional information, see our VPN reviews to learn more about how they work and which VPN services we recommend to our readers.
Make sure your devices are updated and running malware protection
All of your devices should be running up to date, supported operating systems and be set to check for and install updates automatically. These updates often include security patches for critical vulnerabilities that can be leveraged by nation state threat actors and other cyber criminals to perpetrate their attacks.
Your devices should also be equipped with antivirus/anti-malware applications. These apps should be configured to check for updated virus definitions and run scans periodically to detect and mitigate any threats found.
Secure your home network
Cybersecurity experts using a scanning tool were recently able to quickly identify thousands of home routers on a single Internet segment that were using their default administrative login credentials.
Default admin credentials for routers are available online to anyone who wants them, including nation state bad actors. Your router’s SSID is the device’s default name. It can often be used to identify its make and model, which can then be used to obtain its default admin credentials.
Because your router is the gateway device that stands between your home network and all threats on the Internet, both foreign and domestic, it is critical that the device be secured by changing the SSID and the default credentials that allow administrator-level access.
The SSID should be changed to something nondescript. Depending on your router, you may not be able to change the default admin user name, but you can replace the default password with something lengthy and complex.
Your router’s user manual should include instructions for making these changes. If not, you can find instructions online. Default admin login credentials that will allow you to log into the device and make these changes are usually printed on a label attached to the router.
Once you’ve logged into your router’s user interface, check to see if it is running the WPA3 security protocol. WPA2 is still acceptable, but has some vulnerabilities that WPA3 resolves. If your router is not running either of these, it is time for a new device equipped with current security protocols.
Some non-technical recommendations
As with any disaster preparedness plan, a plan for surviving widespread, disruptive cyber attacks should include maintaining an emergency supply of food and water.
If utilities are targeted by attackers, your water and electrical services could be disrupted. If supply chains are in the threat actors’ sights, grocery store shelves may quickly empty.
Consider doing some research on creating and maintaining these emergency supplies if you haven’t done so already. There are prepackaged emergency food supply kits readily available.
A large-scale cyber attack impacting critical services could force you to temporarily evacuate or relocate. Make sure you know where to find all of your important papers (will, insurance policies, real estate documents, vehicle titles, etc.) so you can gather them up and take them with you.
It’s a good idea to place them all together in a protected location like a fire safe.
If possible and if you require them, you may also want to stock up on prescription drugs. Contact your physician and/or pharmacist for more information.
Again, large-scale cyber attacks can severely disrupt the supply chain. Being without needed medications can have serious, perhaps even deadly consequences.
Some who read this article may believe this to be an overreaction to what is taking place in Eastern Europe and elsewhere. If you are one of those, so be it.
But consider that the recommendations made in this article will increase your overall level of cybersecurity. Implementing them will also leave you better prepared to deal with a variety of other emergency situations should they arise.
It is far better to be prepared for whatever disruptive or disastrous events that may occur than it is to simply hope nothing happens and be caught without the tools you need to minimize the negative impact. Remember, hope is not a strategy!
About the Author:
Reese Kimmons is an experienced IT executive with an AAS in Applications Programming, a BS in IT Management and an MS in Information Security and Assurance. During his time in the IT industry, Reese has earned certifications in ethical hacking, forensics investigations, ISO/GIAC, and Cisco networking.
- How Secure is Your Car? Tips to Stop Car Key Fob Hacking - December 17, 2022
- Cybercriminals Raking in Millions with “Hi Mom” WhatsApp Scam - December 17, 2022
- EU Websites Charging Visitors to Reject Tracking Cookies: A Practice Expected to Spread - December 17, 2022