The era of massive hacks: What to do next and how to defend yourself

If you’ve ever bought tickets online, if you have a bank account, or if you have a mobile phone plan, your data is vulnerable. And the risks haven’t stopped growing. Computer specialist Jakub Kroustek explains that, in 2024, “the highest cyber risk ratio in history has been reached.” He’s referring to individuals, but also to large organization. So, what can be done in both cases?

Law enforcement agents always claim that — when investigating a crime — they prefer a mobile phone to conducting a house search. In a simple device, there’s more data about its user’s life than any forgotten storage room or closet can offer. Our devices even have the keys to enter banking apps and email accounts.

All of this material also interests cybercriminals, who make up an elusive, invisible and tireless army. But it is possible to defend oneself… although the constant fight is exhausting and requires tedious routines.

Marc Rivero — a researcher at the Kaspersky Lab — distinguishes between two areas of defense: “In the business environment, you have to raise the level of security maturity, partner with someone who can help you implement measures and possess the technology to cover each of the gaps. In the case of users, when in doubt, we must always contact [our IT partner] if we receive an email or call that asks us to do something, such as clicking on a link or providing passwords. It’s a matter of common sense and caution.”

On this note, Luis Hidalgo — from the Spanish National Cybersecurity Institute (INCIBE) — identifies a dangerous pattern at all levels: the prevalence of “the happy clicker,” who compulsively clicks on every link that reaches them. “These [individuals] are also — and very often — in the upper layers of an organization,” he warns. All cybersecurity companies insist time and time again on one premise: zero trust.

In this way, one of the fundamental weapons is personal training in all areas, from the individual user to the manager of any company. But attacks will persist. So, you need to know how to act.

In the event that an online service that we use suffers from a cyber-attack, it’s crucial to immediately change our access code. Additionally, the Spanish Consumer Association advises the clients of these companies to “reject any type of contract that’s offered by telephone or email.” The association asks customers “to be attentive to their accounts, in case charges or movements of their money occur improperly.”

When it comes to making online purchases, it’s advisable to have a prepaid credit card that’s solely utilized for online transactions, with only a limited amount of funds made available.

INCIBE has a practical guide for users, which includes the following tips: having a strong and different password for each account; changing your password if your account has ever been compromised (there are free tools, such as https://haveibeenpwned.com/); having multiple authentication options available (possibly including biometric data) and, most importantly, not clicking on links from suspicious emails or “incredible” offers.

Overall, one must steer clear of unsafe webpages, avoid downloading unofficial programs, delete documents that contain information that compromises security and avoid using a principal email account to look at offers and promotions. It’s also important to keep device operating systems updated, so that they’re cleared of vulnerabilities. Cybersecurity experts also recommend limiting access to untrusted, free Wi-Fi and securing home routers.

Sign up for our weekly newsletter to get more English-language news coverage from EL PAÍS USA Edition