Your digital devices are vulnerable to a malware attack anytime they’re connected to the internet, but the war in Ukraine has raised the risk of Russian cyber attacks on personal and corporate computer systems.

Listen to audio highlights of the story below:

“Consumers should be aware that cyber actors can target them through almost any website or mobile application,” Chris Olson, CEO of The Media Trust, a digital safety platform, told USA Today.

Bad actors in Russia or elsewhere could cause disruption by launching denial-of-service (DoS) attacks against websites belonging to major American companies or the U.S. government, security experts warn.

As the U.S. Cybersecurity & Infrastructure Security Agency explains: “A denial-of-service condition is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users.”

DoS attacks typically rely on armies of infected personal computers (bots) that are instructed to ping the targeted computer networks. That’s what Russian hackers did in Ukraine prior to invading.

“The more secure everyone is from having their computers infected and turned into bots, the less damage will be done if there is a denial-of-service attack,” said Chester Wisniewski, principal research scientist at the digital security firm Sophos.

Good cyber hygiene is always important. The prudent response is to review your security protocols and strengthen your digital defenses.

Keep Software Updated

This may be the best thing you can do to ward off a cyber attack, and yet, many people don’t keep up to date.

Nearly one-third (31 percent) of the 2,000 people surveyed by the National Cybersecurity Alliance for its “2021 Cybersecurity Behaviors and Attitudes Report” said they did not install the latest updates and software as soon as they were available. A little under 10 percent admitted they don’t bother to update software and applications when updates are released.

It’s essential to make sure all the software on your devices (at home, in the office, and mobile) are up to date. This includes security software, operating systems, web browsers, and other applications. While these updates may include some performance improvements, the critical ones are provided to improve security.

“Most often, companies like Google, Microsoft, and Apple only release those updates when somebody has been actively attacking their devices, and has succeeded and found a way to break into them,” Wisniewski told Checkbook.

Most updates can take place automatically, when allowed, so they don’t interrupt what you’re doing. If “automatic updates” is turned off, the smart move is to enable them.

You will get a prompt when a reboot is required to install the new software, which can take as much as a half hour. But there’s no need to stop what you’re doing right away. Just make a note on your calendar to accept the update or do the reboot at the end of the day.

“Schedule it at a convenient time, but try to do it urgently because especially now, with the war going on…there’s an increased likelihood of attacks right now targeting Western individuals,” Wisniewski told me.

Be Suspicious About Update Messages

You should only trust update messages displayed by your device itself. Don’t trust an email, text message, or a social media message about an update.

“Those are attack vectors that are used,” Wisniewski cautioned. “In fact, we’ve seen those used actively in Ukraine to target people in Ukraine to compromise themselves by loading false updates for their antivirus programs. Updates will always come from the software itself.”

Reduce the Risk of Attack

Most bad actors get us to download malware by tricking us into clicking a link or opening an attachment.

Unless that malicious code is caught by your security software, it can sneak onto your devices without your knowledge.

More than 90 percent of successful cyber-attacks start with a phishing email that looks legitimate, according to the Cybersecurity & Infrastructure Security Agency.

This phishing email which appears to be from Chase, is designed to get you to click on the link without thinking:

Resist the temptation to click on links in unexpected email or texts, whether it’s someone urging you to “check out” a great new video, or it appears to be from a trusted company (such as your bank, credit card company, favorite retailer, or shipping company), alerting you to a “problem” with your account.

The same rule applies for opening attachments. They can contain hidden malware that installs when you open them.

Back It Up

You need to be prepared for the worst, such as a ransomware attack that disables your machine and locks up your files. Back up your important files to an external drive, or have them automatically backed up with a cloud-based service, such as iCloud or Google.

More Info

The National Cybersecurity Alliance has a variety of tips on how to stay safe online.

The Cybersecurity & Infrastructure Security Agency suggests four things to do to keep yourself cyber safe.


Become a Smarter Consumer Get free, expert advice delivered to your inbox every Wednesday when you sign up for the Weekly Checklist newsletter.



Contributing editor Herb Weisbaum (“The ConsumerMan”) is an Emmy award-winning broadcaster and one of America's top consumer experts. He is also the consumer reporter for NW Newsradio in Seattle. You can also find him on Facebook, Twitter, and at ConsumerMan.com.