In an age where the internet has become the de facto avenue for communicating, it isn’t a surprise that the number of threats on the web has skyrocketed. Open up the technology section of your favorite news site and there will be tons of articles talking about the latest cyber-attack, computer security breach or ransomware encountered on the web.
You might have heard of IT security breach terms such as “Virus”, “Spyware”, “Trojans”, etc. countless times during your browsing experience. Now with the hundreds, even thousands of cyber threat variants (with more being discovered daily), how do you identify and–more importantly–how do you combat them?
We’ve compiled a list of the most common cyber threats with advice on how to keep yourself and your business safe:
Phishing and Spear Phishing
These arrive as fake emails, usually posing as a legitimate organisation and asking you to download an attachment or click on a link. Sometimes the email will appear to come from a coworker or a known associate–this is usually a “spoofed” email address, meaning the sender is only faking that the message came from an address you know.
Once you’ve downloaded their attachment or clicked on the link in the email, a malicious program (or Malware) will run itself and infect your machine.
Here’s our advice on how to combat phishing threats:
- Make sure that your spam filters, pop up blockers, and anti-virus programs/features are running and up to date. These are your front-line defenses against phishing attacks.
- Some phishing emails are well crafted enough to slip through your front-line defenses. In this case, your newfound knowledge on phishing schemes will come in handy.
- Flag suspicious emails and block them (you can always unblock them in the future if you made a wrong guess).
- Never click links in an email unless you are sure it’s safe. If you hover your mouse pointer over a link, your browser will show you a preview of where the link leads to. You will usually see the preview at the bottom of the webpage. This will give you a better way to detect fake links.
- Always ask your IT/IT Sec department about suspicious emails.
- Try to block or at least remember known malicious email addresses.
Malware / Other Malicious software
Survey says that Trojans (malware designed to infiltrate and give unauthorized control of a machine) are the most widespread of all malware types.
Although Malware comes in all sorts of forms, their primary goals are to infect, disrupt, and steal your machine’s data. The most common way for Malware to enter your machine is via an email link or an installer coming from a suspicious source–so make sure you are only installing and opening links that you trust.
Here are some tips to avoid infection from Malicious software:
- Always have an anti-virus (AV) suite installed and running on your computer. These programs actively check files and programs on your computer for malware.
- Links and online ads are huge sources of Malware. Try to keep yourself from clicking them as much as possible. If your internet browser supports it, install an adblocker add-on–these automatically detect ads and hide them from webpages.
- Windows updates, Mac updates, and software must also be up-to-date, as malware can exploit old unpatched software and gain access through that.
- Make sure your current AV is running and updated to the latest patches–malware is updated daily to attempt to get around your AV software. Although auto-updates come standard, make sure to check periodically that you have the most recent updates.
- Beware of installers. Some viruses can install themselves as an additional program. Slow down when clicking “Next” the next time you’re installing a program or an app.
- As a reminder, malware can be attached onto emails–only download or click on links from trusted sources.
- If you aren’t sure about installing a certain app or program, ask your IT team if the software is safe to install.
- Immediately contact your IT department if you suspect that your machine has been infected.
Weak/Default Passwords
Passwords that are easy to guess can be used by hackers to have full access to your account. This opens a number of avenues for hackers to access your personal and business data–bank, social media, and other email accounts. Luckily, a well thought out password and password-keeping-tactics will stop this from ever happening.
Here are our tips on having a secure password:
- When creating a password, make sure to use a combination of numbers, special characters (if possible, e.g., ^@*#), and letters.
- Avoid using common words, default passwords or phrases. These are vulnerable to “Dictionary Attacks” where a hacker would try to enter the most commonly used passwords to crack your account.
- Refrain from using personal information as anyone can use that against you–be it by guessing your password or by using password recovery methods.
- Variety and randomness are key to having a secure password. You can also capitalize some letters to add to the difficulty.
- Use a password convention that is easy to remember. Although using your pet’s name as your password is unsafe, combining 3 things that are dear to you would be safe and easy to remember. For instance: “DaN1MrWh!skr$19&” is a very hard password to crack even though it contains a name, pet’s name, and a birth year.
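The first three tips can be turned into a check that runs before a password is accepted. The following is an added example, not part of the original article: it tests the character mix, looks the password up in a common-password list after undoing simple character substitutions, and searches it for personal details. `COMMON` is a tiny constructed stand-in for a real list, and `check_password` and the sample personal details are hypothetical.

```python
import string

# Tiny constructed stand-in for a real common/default-password list.
COMMON = {"password", "letmein", "admin", "welcome", "qwerty", "123456"}
# Substitutions that dictionary-attack tools also try, so they add little.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def normalise(text):
    """Lower-case and undo common substitutions: 'P@ssw0rd' -> 'password'."""
    return text.lower().translate(LEET)

def check_password(password, personal=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if sum(any(c in cls for c in password) for cls in CLASSES) < 4:
        problems.append("mix upper case, lower case, numbers and special characters")
    # Also test the word with leading/trailing digits and symbols removed,
    # so 'Welcome2024!' is still recognised as 'welcome'.
    core = password.strip(string.digits + string.punctuation)
    if {password.lower(), normalise(password), normalise(core)} & COMMON:
        problems.append("common or default password")
    plain = normalise(password)
    for item in personal:
        if len(item) >= 3 and normalise(item) in plain:
            problems.append("contains personal information: " + item)
    return problems
```

A password such as "P@ssw0rd" satisfies the character mix and is still rejected, because the substitutions are undone before the dictionary lookup.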
Removable Media (CDs, USB Drives, Phones)
These devices may contain malware and infect your computer when plugged in. Removable media (RM) can take on a number of forms–including, but not limited to, USB flash drives, CDs/DVDs/Blu-ray discs, SD cards, and phones.
Basically, any device that can interface with your computer is an RM. People of malicious intent may intentionally spread infected RM (via a product “giveaway” or by leaving it unattended in a public space) and wait for those devices to be plugged into an unsuspecting person’s computer.
Here are some ways to avoid that from happening:
- Do not use any removable media from an unknown source.
- In the event that a suspected RM is connected to a machine, do not open any programs that could be in the RM. Also make sure that your AV suite is running–in the event that a malicious program or file is opened, your AV will be able to stop the malware from executing its task.
- Only use removable media that is from and/or approved by your company.
- If you’d like an RM “cleaned”, simply contact your IT team and they can handle it for you.
BYOD (Bring Your Own Device)
Using personal devices (phones, tablets, laptops) at the workplace can be a good thing. It costs almost nothing to get a new team member on board, and it also alleviates the future cost of upgrading (some, not all) office equipment, as people tend to purchase the latest and greatest anyways.
It does have its downsides however, as it becomes a challenge to find cross platform programs that work with each other and personal machines open up more avenues for malicious individuals to access company data.
The following are our tips for businesses that run BYOD in their offices:
- Machines could already be infected from personal use prior to arrival in the office. So make sure your IT team thoroughly scans the devices and green-lights them for the office.
- Ensure that the device is properly locked down by your IT team–although these are personal devices, the IT team should be allowed to install their recommended AV suite and other security programs.
- Keep your machines password protected and phones encrypted with at least a PIN or lock pattern.
- Always lock your workstation when you step away from it–even for just a few seconds.
- Finally, allow your IT team to perform frequent audits of all machines in the office’s network.
With this newfound knowledge, we are happy to report that you’re sufficiently armed with the know-how to combat the most common cyber threats in the world to date.
Hopefully, you’ll feel safe and confident the next time you see a web article about recent trojan or phishing attacks on the web. If you have any further questions or have your own tip to share, leave us a comment below.