Today’s cybercriminals are organized, sophisticated and more prevalent than ever. That’s according to Mike Lovernick, a supervisory special agent in charge of a cyber/counterintelligence squad with the FBI Chicago Field Office. Lovernick led an Education Day session at ASI Chicago to share some of the latest trends in cybercrime – along with tips on how to beef up your cyber hygiene.

“The information you put out there is being consumed by somebody,” said Lovernick. “There are bad actors out there trying to get your information all the time.”

He noted that ransomware, where a bad actor encrypts your data and holds it for ransom, has become “almost like buying a professional product.” Back in the early 2000s, you needed to be a computer scientist to develop a ransomware program, Lovernick said. “Nowadays you can go on the web and find apps that do this for you,” he added, describing it as “ransomware as a service.” The point, Lovernick said, is that it’s no longer hackers working alone in the world – it’s an organized industry.

Social engineering – where bad actors try to glean personal information by appealing to your emotions, sense of urgency and greed – is also getting more sophisticated, according to Lovernick. “It’s escalating in frequency, but also the intensity of how they’re pursuing people,” he said. “It’s not just getting an email from a Nigerian prince.”

Cybercriminals scour social media, company websites, public records and other online resources to get information on targets. And the advent of artificial intelligence has also led to the development of “very sophisticated bots” that seem human to the people interacting with them online.

The good news, however, is that there are steps businesses and individuals can take to improve their cyber hygiene and safeguard their data.

1. Keep your patches updated. Manufacturers release patches en masse when they’ve identified a weakness in an operating system, and once they do, cybercriminals know there’s a vulnerability they can exploit in unpatched systems. “Back in the day, it would take them weeks to come up with the proper exploitation for that patch,” Lovernick said. “Now we’ve seen it as quickly as 10 hours after a patch.”

It’s also important to keep your software and operating system updated. And make sure your antiviral software is current as well.

2. Focus on awareness and training. Every organization should have a policy for educating staff on best practices online. “All it takes is one person in the organization to be that weak link” and click on something they shouldn’t, Lovernick said.

3. Manage admin accounts. “Implement a principal of least privilege,” Lovernick said. “Make sure you’re not giving everybody unfettered access to do whatever they want.”

4. Use multi-factor authentication. “If you’re accessing anything with just a password, that password is useless and it can be beaten,” Lovernick said. Two-factor authentication “is a pain in the butt” but it’s the best way to prevent someone from getting to your data, he added.

5. Use pop-up blockers. Pop-ups are another way bad actors can access people’s systems, according to Lovernick. Hackers can access an insecure website and add a pop-up, which an unsuspecting visitor to the site could then click on, giving the hacker the in they need.

6. Back up your data. “If you have a server, you must have backups and they have to be offline,” he said. That way you can be back up and running with no problem without paying the ransom. You’ll still have to deal with the damage of your data being taken by bad actors, but at least your system won’t be crippled.

7. Visit the FBI’s cybersecurity website. The ic3.gov website allows people to report when they’ve been the victim of a cybercrime. But it also includes tons of up-to-date articles and information about the “ransomware soup du jour,” Lovernick said.