In Part 1 of this series, we discussed some current general internet statistics and how they show us why we, as users, need stronger security practices as well as a better understanding of how best to protect ourselves against the growing number of threats out there. We also discussed good password management practices and how best to avoid common pitfalls that create weak passwords.
In this segment, I want to discuss some of the common threats that exist out there and how you can best protect yourself from and avoid them.
The first thing I want to discuss is Malware. Malware is essentially any malicious program created by someone intending to do harm to you, your computer, and/or your data. Many times it is intended to steal your data for identity theft purposes.
The most common types of malware are things that you’ve probably heard of such as viruses or worms. Other, more malicious forms include things like ransomware.
Ransomware is malicious software that, once it infects your computer, encrypts all of your files, keeping you from accessing them. A message will then display on your screen, essentially extorting you for money if you want to get your files back. Some people pay and some don’t. Regardless, the damage is done and some businesses never recover after one of these infections. You may recall hearing about the “WannaCry” attack in the news recently. This is one of the most recent and worst examples of this type of attack that we have seen.
Solution: Defense and DON’T OPEN/DON’T CLICK strategy
So how do you prevent these things from happening to you? To answer that, we have to look at the most common way that malware infects computers. Statistics show us that 91% of all these infections come through some sort of PHISHING attack.
What is PHISHING? Well, it is officially defined as, “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” These emails can also be used to infect your computer via bad file attachments or links to infected websites.
So the simplest solution here is to pay close attention to the emails that you open. The best rule is DO NOT open ANYTHING that is from someone you do not know or that you are not expecting. Along with that, if it looks fishy (or PHISHY), delete it. The biggest thing to pay attention to here is that with a stat like 91% you can see that if you’re going to get an infection of some kind, it will more than likely come via email.
Of course, another important solution is to protect your computer/equipment with anti-virus/anti-malware software or, as they are more often called these days, security protection suites. Having some sort of protection like this on your machine will also go a long way toward preventing your data from being compromised by these malicious programs.
Problem: Social Engineering
When I speak to audiences, I make sure to talk a little about social engineering. One of my friends once put it in the form of a trick question. What is the least secure operating system? The answer is the Human Operating System. US. We are the weakest link for malicious parties to exploit. I define Social Engineering as “hacking the human OS (Operating System)”.
It is basically the oldest trick in the book. It’s the con game. It’s the selling of snake oil. There are a lot of ways these malicious parties attempt to get your information. They will do anything from staging fraudulent phone calls, posing as a representative of a company with which you do business, to running PHISHING email campaigns. That’s right, the PHISHING that we just discussed is another form of social engineering.
Regardless of the method, social engineering has one goal: to do you harm in a way that also benefits the person initiating it. Whether they are attempting to steal your personal data or infect your computer, their ultimate goal is financial gain at your expense.
Solution: Be wary. When in doubt, don’t give out your information.
The best thing you can do in any situation is to trust your gut. If something feels wrong, it most likely is. Whether in email, on the phone, or even in person, trust that feeling inside that says, “I really don’t feel right giving any information to this person.” I’ve been known to ask very pointed questions on the phone that either get good answers or make the person hang up. The hang-ups are obviously people who realize I’m more in tune with their intentions than they expected, so they move on to the next target. Remember that these people are looking for the easy game, so when they meet resistance, it’s easier for them to just move on.
So, ask questions. Ask them why they need your full social security number, or why they need you to give them your password. Requests like these are not ones typically made by legitimate businesses. They should already have the data and not need you to provide it, especially if they called you. Also, watch for lack of professionalism. Some of these people will get belligerent when you question their need for information.
I know this has been a bit of a long post, but I wanted to get you as much information for your own protection as possible. Be cautious and protect yourself the best you can. Equip yourself with knowledge and tools to keep you, your business, and your family safe from these ever-increasing dangers online. As always, we at Cyber Watchtower are here if you need us.
Stay connected. Stay Safe!