Lot of talk lately about the likelihood that Putin will greenlight a massive cyberattack on western countries. Not sure what we can do to minimize it. Use my computer less? Back up stuff to the cloud? Back up stuff to a thumbdrive?
Backing up to a thumbdrive or other physical media is a good idea.
Backing up to the Cloud won’t help much short term in this case.
I’m not the least bit concerned with respect to my own computers. If Putin mounts a cyber attack, the targets will be governmental organizations and large corporations, probably most likely focusing on the financial industry. The Russians have nothing to gain by going after the personal computers of private individuals like you or me. That said, regular backups should be part of everyone’s SOP.
Perhaps make sure you have some cash at home, in case the ATMs go down?
Probably not a bad idea for those who worry about such things. There was a famous incident many years ago affecting one of the biggest banks around here. It wasn’t due to hacking, but just to IT incompetence, but it shows what can happen. It started with a major software update that went bad, and the attempt to roll it back just created a cascade of secondary problems. The bank’s major operational systems involving virtually all account transaction processing, from teller terminals to ATMs, were down for three or four days. The bank went into full disaster-contingency mode, and needless to say when it was all over heads rolled, but that was small consolation to those who suddenly had no access to their money.
I change my passwords frequently and make them harder to guess. A friend of mine just had his Yahoo mail hacked resulting in lots of emails going out to confused recipients. I asked him if he had a difficult password to figure out and he said no, and that it would be fairly easy to guess. 
Hackers have sophisticated programs that can try millions of passwords and check to see if any of them work on your logins. Luckily in his case, they didn’t try his bank account, which apparently had the same password.
Have some cash in case Visa/Mastercard or your bank (who issued your card) is hacked.
Of course, if they hack the electric co, then you won’t be buying anything? How many places do you know of anymore that use a non-powered cash register?
During the long Superstorm Sandy blackout, many places figured out how to take cash and some even charge cards. They did that pretty quick. Only 10 years ago.
Additionally, in NJ at least, far more cell towers now have backup generators as do far more gas stations and convenience stores. Not so sure about Supermarkets though.
We’re not doing anything different right now, just the usual stuff:
- A cache of cash in the house in case of a major financial system catastrophe
- Personal files - email, photos, etc. - backed up to an external hard drive that’s disconnected when a backup is not actively happening, and regularly updated
- A strong password for each account, and no two accounts have the same password
- Careful what links you click on in the emails you receive
- If you’re going to enter your credential somewhere, check the site certificate first
- MalwareBytes is keeping an eye on my computer
When I worked at a grocery store about 20 years ago, if our credit card system went down we would request people pay with cash or check if possible, but if someone had no way to pay other than a credit/debit card, we would break out the old school credit card machine to make an imprint of their card on carbon paper. Now most cards today don’t have the raised numbers anymore, but I imagine it worse came to worse we could go back to processing credit card transactions on paper.
There are about a bazillion different things that could fall under the heading of “cyber-attacks”, and the defenses against each are different.
For a normal person, the following steps are probably sufficient:
- Change your email password
- Change your bank password
- Withdraw enough cash to be able to survive minimalistically for a week or two.
- Candles
My concern is the power grid. I have a whole house NG generator installed to assist with a power loss due to storms/hurricanes. Should a cyber attack cause a widespread electrical outage, my hope is the NG supply will continue but my apprehension is it may not.
Banks and other institutions have been spending billions on cyber security and been dealing with the threat of cyber attacks for years now. As individuals, people should already be doing common sense stuff like using long non-guessable passwords, multi-factor authentication, backups of important data, etc. Other than that, I’m not sure what you would specifically “do” to prepare for some nebulous “cyber attack” threat.
It’s not “nebulous”, it’s quite real, and the least we can do – as we have been – is track what the Russians are up to. For instance …
Nebulous in that we don’t know what the attack will be or where or how it will happen. That makes it difficult to formulate a response beyond reasonable precautions people should be doing anyway (at least regular people not specifically working in cybersecurity or at-threat industries).
Your link doesn’t really provide much additional insight beyond the “don’t click on strange links” advice most people should already be aware of.
The purpose of the link was to show that Russian sources (almost certainly the FSB) are actively developing tools of cyber warfare. I’m sure the CIA has a lot more information. I don’t know specifically what governments, banks, and other critical institutions are doing and I’m sure they won’t be sharing that information, but the point is that there is reason to believe that there is currently an increased level of threat.
Again, I don’t think private individuals are at any greater risk than usual and normal precautions should be adequate.
You forgot: Enable MFA on every account you can. This bit of advice has been good for the last few years.
Right- the odds of the Russians cyberattacking YOU is negligible.
But they may well go after your local city government or utility providers, and while large cities and states are in all likelihood staffed with competent enough IT departments to be protected, there’s likely a LOT of risk in smaller states, counties and municipalities who have a handful of whoever the local IT talent is.
We already saw some of this in Oldsmar, FL in the past couple years.
I’m personally not so sure they’d go that far though; that seems to verge on a casus belli to me, if you’re messing with the safety of the water supply or power grid. But messing up someone’s water billing beyond repair? That would be the sort of thing I’d do in their shoes- sow chaos and cost people a lot of money, without actually killing anyone.
Ransomware is another option I might do; hold something hostage instead of just messing it up.
I recently noted in another thread that the compressors at NG compressor stations that keep NG moving through the piping network are often powered by engines that are fueled by that same NG power supply. So even if the electrical grid goes out, there’s a fair chance the NG supply will continue unabated.