Capitol Riots Remind Us of One Overlooked Aspect of Cybersecurity
The riots at the U.S. Capitol this week unnerved people all across the globe. How could such an important location have such underwhelming security? As disturbing as it was to witness the physical breach of the building, it also exposed the government to a potentially massive digital breach.
After the various blatant cyber attacks on the U.S. in 2020, everyone should consider stepping up their online protection. But this incident reminds us of the first, and sometimes overlooked, rule of cybersecurity: never let anyone physically access your devices.
How the Capitol Riots Exposed the U.S. Government
It’s tempting to say that no one expected the events on January 6th. The only problem is that there were warning signs for weeks leading up to this event. Whether Donald Trump was tweeting about his big rally or riling up his following by retweeting messages with a slightly more aggressive tone, security had ample time to prepare.
Nonetheless, rioters stormed the Capitol Building, and members of Congress were abruptly forced to evacuate. This hurried escape left most computers unattended and vulnerable to third-party access.
According to The Washington Post, one right-wing journalist posted a since-removed tweet that showed that rioters had access to a computer in Nancy Pelosi’s office.
Senator Jeff Merkley said a computer was stolen from his office:
The trail of destruction and looting. What happened today was an assault by the domestic terrorists who stormed the Capitol, but it was also an assault on our constitution.
[sound on] pic.twitter.com/BrELF7cMz1
— Senator Jeff Merkley (@SenJeffMerkley) January 7, 2021
Merkley is on the Senate Foreign Relations Committee, which discusses U.S. foreign policy and global relations.
While it’s not clear if any of the rioters were trained cybercriminals, it is clear that some had no qualms about stealing sensitive information. One rioter, Richard Barnett, stole an envelope from House Speaker Nancy Pelosi’s desk.
Even if nobody accessed any of the devices abandoned in the fray, the government must act as though they did. IT professionals were empathizing with the people responsible for this cleanup job.
Kimber Dowsett, Director of Security Engineering at Truss, tweeted:
As with any security breach, there are lessons we can all take from this.
How You Can Protect Yourself
If an angry mob ever tries to steal your sensitive documents and devices, there’s probably not much you can do. But there are ways to avoid your own small version of the Capitol security breach.
And it’s important to protect yourself, because hackers can do much more if they have physical access to your devices, even for a short time. They can access your emails, sensitive accounts, and banking information. They can install spyware, viruses, or other malware onto your device. But a few small steps can make it more difficult for them.
First, you should never leave your device unattended. If you’re working at a cafe or coffee shop (when normal life resumes), take your device with you when you go to the bathroom, if possible. Even if you live with partners or roommates you trust, it’s still wise to take a few basic precautions.
- Always use strong passwords for your personal accounts.
- Always log off when not using accounts containing sensitive information.
- Require a login password to unlock your device before use.
- If your computer has been stolen, call your banks and credit card companies immediately.
- Change your passwords as soon as possible.
And if you think that you’ve been hacked, reach out to us for immediate help.
Featured image by Lev Radin via Shutterstock.