Security professionals are urging Americans to take immediate steps to protect themselves from a higher risk of Russian cyberattacks after the invasion of Ukraine.
“We are seeing more and more nation-state activity due to the conflict in the Ukraine,” said Ryan Wright, a professor specializing in cybersecurity at the University of Virginia. “With U.S. sanctions setting in, it is only a matter of time until the U.S. is targeted more directly. This may mean attacks on your personal device through ransomware but also attacks on the infrastructure such as your internet access or even the power grid.”
From the SolarWinds to the Colonial Pipeline attacks, state-sponsored actors wage increasingly sophisticated cyberwarfare. Russia might try to disrupt financial systems and crucial infrastructure such as the power grid or oil production to put pressure on the U.S. to relent on sanctions, said Saryu Nayyar, CEO of security firm Gurucul.
Though it’s unlikely cyberattackers would target most Americans individually, “the reality is that any cyberattack can have repercussions on individuals,” she said.
THIS IS WHY RUSSIA INVADED UKRAINE:Mapping and tracking Russia’s invasion of Ukraine
WHO IS VOLODYMYR ZELENSKYY? What to know about Ukraine President Volodymyr Zelenskyy
With technology delivering so many of our basic needs, those repercussions can be wide-ranging, from supply shortages at your local grocery store to widespread power outages, says Kevin Novak, managing director of security firm Breakwater Solutions.
“So while at the moment I do not believe that private U.S. citizens should cower in fear over Russia’s capability of adversely impacting them via cyberattacks, it is reasonable to expect that their lives will be impacted in some ways by cyber retaliatory actions that result from U.S. sanctions and other political maneuvering,” Novak said.
Warns Chris Olson, CEO of The Media Trust, a digital safety platform, said, “Consumers should be aware that cyber actors can target them through almost any website or mobile application.”
So Americans need to be prepared, says Doug Jacobson, professor of electrical and computer engineering at Iowa State University. What he has been advising friends: Protect yourself by practicing “cyber hygiene.”
Eman El-Sheikh, associate vice president of the University of West Florida Center for Cybersecurity, said Americans should review and strengthen their digital defenses right away. “Cybersecurity is everyone’s responsibility,” she said.
So what is cyber hygiene? Here are some common-sense recommendations from the Cybersecurity & Infrastructure Security Agency (CISA) “Shields Up” campaign and cybersecurity experts interviewed by USA TODAY.
Turn on multifactor authentication
Use multifactor authentication on all of your accounts, including email, social media, shopping and financial services, for extra protection. When you sign in, you will be asked to confirm your identity through a text message, email, code, fingerprint or Face ID.
Update everything, including software
Update antivirus and malware software, operating systems and applications, especially web browsers, on all devices including mobile phones, tablets, desktop computers and laptops. Turn on automatic updates.
Think before you click
Before clicking or tapping on links or attachments or downloading files, take a beat. Most cyberattacks start with a phishing email, which looks legitimate but isn’t and can be used to steal your passwords, Social Security number, credit card numbers and other sensitive information or to run malicious software known as malware.
Use strong, unique passwords
Protect all of your account credentials including username and password, says Lucas Budman, CEO of security firm TruU. Use strong passwords and don’t reuse them. Your best bet is to subscribe to a password manager to generate and store unique passwords.
Don’t believe everything online
“All sides in any conflict will also be working to use information streams to their advantage. People should be very cautious about the information they share,” said Jessica Beyer, principal research scientist and lecturer at the University of Washington.
RUSSIAN SANCTIONS:From soccer to vodka, here are some sanctions, bans and boycotts placed on Russia
What is SWIFT? How could banning Russia from the banking system impact the country?
“People should remember that when information is incomplete and emotions are understandably high, it is the perfect situation for bad information to spread,” Beyer said. “People pursuing all kinds of agendas will take advantage of that. Bad actors will be working to spread fear and doubt. Military aggressors will be trying to make their reach look larger than it is. A way we can all help in a tiny way is by being mindful about what we consume and share.”
So far, Russia is losing the global information war “both because its attack on Ukraine was unprovoked and impossible to disguise, and because the government has taken a scattershot approach to shaping the narrative,” said Scott Radnitz, associate professor of Russian and Eurasian Studies at the University of Washington.
But he expects more misinformation and disinformation to spread. Watch out for unsubstantiated claims such as Ukraine is building a “dirty bomb” or it is carrying out “false flag” attacks, Radnitz said.
Back up important files now
Cybersecurity professionals urge Americans to back up important files such as bank accounts and statements in the cloud and on external drives.
Use a VPN on public internet
Use a VPN, or virtual private network. It provides an additional layer of protection between your devices and the internet by hiding your IP address and your location. It also encrypts your data. Also, make sure your home Wi-Fi is password protected and secure to keep people from stealing your personal information and attacking your devices.
Stock up on emergency supplies?
Should you prepare for a cyber attack the way you would for a tornado or an earthquake? Security experts are mixed but say it’s generally a good idea to have cash, an emergency kit and a full tank of gas. “Worry about cybersecurity the way you do mother nature,” Jacobson said.
Just don’t overdo it. After the Colonial Pipeline attack last year disabled computer systems responsible for fuel production, panicked motorists lined up at gas stations in the Southeast to fill their tanks and jerrycans.
“Where the danger truly comes from is fear,” said Dave Cundiff, vice president of cybersecurity firm Cyvatar.ai. “The fear of the unknown is what gives cyberattacks their greatest power.”