Cybersecurity and You (Pt. 2)

In Part 1 of this series, we discussed some current general internet statistics and how they show us why we, as users, need stronger security practices as well as a better understanding of how best to protect ourselves against the growing number of threats out there.  We also discussed good password management practices and how best to avoid common pitfalls that create weak passwords.

In this segment, I want to discuss some of the common threats that exist out there and how you can best protect yourself from and avoid them.

Problem: Malware
The first thing I want to discuss is Malware. Malware is essentially any malicious program created by someone with the intent to do harm to you, your computer, and/or your data. Many times it is intended to steal your data for identity theft purposes.

The most common types of malware are things that you’ve probably heard of such as viruses or worms.  Other, more malicious forms include things like ransomware.

Ransomware is malicious software that, once it infects your computer, encrypts all of your files and keeps you from accessing them. A message will then display on your screen, essentially extorting you for money if you want to get your files back. Some people pay and some don’t. Regardless, the damage is done, and some businesses never recover after one of these infections. You may recall an attack in the news recently called “WannaCry”. This is one of the most recent and worst examples of this type of attack that we have seen.

Solution: Defense and DON’T OPEN/DON’T CLICK strategy
So how do you prevent these things from happening to you? To answer that, we have to look at the most common way that malware infects computers. Statistics show us that 91% of all these infections come through some sort of PHISHING attack.

What is PHISHING? Well, it is officially defined as, “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”  They can also be used to infect your computer via bad file attachments or links to infected websites.

So the simplest solution here is to pay close attention to the emails that you open.  The best rule is DO NOT open ANYTHING that is from someone you do not know or that you are not expecting.  Along with that, if it looks fishy (or PHISHY), delete it.  The biggest thing to pay attention to here is that with a stat like 91% you can see that if you’re going to get an infection of some kind, it will more than likely come via email.

Of course, another important solution is to protect your computer and equipment with anti-virus/anti-malware software or, as these products are more often called these days, security protection suites. Having some sort of protection like this on your machine will also go a long way toward preventing your data from being compromised by these malicious programs.

Problem: Social Engineering
When I speak to audiences, I make sure to talk a little about social engineering. One of my friends once put it in the form of a trick question. What is the least secure operating system? The answer is the Human Operating System. US. We are the weakest link for malicious parties to exploit. I define Social Engineering as “hacking the human OS (Operating System)”.

It is basically the oldest trick in the book. It’s the con game. It’s the selling of snake oil. There are a lot of ways these malicious parties attempt to get your information. They will do anything from staging fraudulent phone calls, posing as a representative of a company with which you do business, to running PHISHING email campaigns. That’s right, the PHISHING that we just discussed is another form of social engineering.

Regardless of the method, social engineering has one goal, to do you harm in a way that also benefits the person initiating it.  Whether they are attempting to steal your personal data or infect your computer, their ultimate goal is financial gain at your expense.

Solution: Be wary.  When in doubt, don’t give out your information.
The best thing you can do in any situation is to trust your gut. If something feels wrong, it most likely is. Whether in email, on the phone, or even in person, trust that feeling inside that says, “I really don’t feel right giving any information to this person.” I’ve been known to ask very pointed questions on the phone that either get good answers or make the person hang up. The hang-ups are obviously people who realize I’m more in tune with their intentions than they expected, so they move on to the next target. Remember that these people are looking for the easy game, so when they meet resistance, it’s easier for them to just move on.

So, ask questions.  Ask them why they need your full social security number, or why they need you to give them your password.  These types of questions are not ones typically asked by legitimate businesses.  They should already have the data and not need you to provide it, especially if they called you.  Also, watch for lack of professionalism.  Some of these people will get belligerent when you question their need for information.

I know this has been a bit of a long post, but I wanted to get you as much information for your own protection as possible. Be cautious and protect yourself the best you can. Equip yourself with knowledge and tools to keep you, your business, and your family safe from these ever-increasing dangers online. As always, we at Cyber Watchtower are here if you need us.

Stay connected.  Stay Safe!

Austin Bynum
Chief Watchman
Cyber Watchtower

“I Give Up!”

Cybersecurity. Ransomware. Antivirus.

If you own any sort of electronic computing device, these are just a few terms that have become a part of your daily life.  With all that is out there in cyberspace and the news, it’s a wonder that we still have any trust in technology at all.  Honestly, some people are getting quite fed up and are ready to throw in the towel, but reality won’t even let them.

The truth is that technology isn’t going away. The other truth is that neither are the security risks. I know at times it must seem that the world is falling apart around us electronically, especially after the last week with the WANNACRY ransomware attack.

If you are unfamiliar with what has been going on, last week a ransomware infection started in Europe and has now infected thousands of computers in hundreds of industries across more than 150 countries.  The hardest hit was most likely the NHS (National Health Service) in the UK.  Many hospitals had computers and equipment infected and rendered useless, at least temporarily.  It has been a very scary time.

If you’d like more specifics about the infection I’m including several links to other, more detailed articles for you to read.  The short of it is that a weakness in an older, outdated and unsupported version of Windows (XP) was exploited.  The worst part, other than the outdated operating systems, is that the infections came via PHISHING attacks.  PHISHING involves people receiving infected emails they think are legitimate and it is the most common method of distributing this type of attack.

I don’t want to get bogged down in the details of this today though.  What I want to do is acknowledge that there are so many of you out there that just want to live your lives and trust the technology you have to increase the efficiency and quality of your life.  That, after all, is its intended purpose.  Nothing new comes without risk, but I know many of you ask why you should be a technology expert just to stay safe online.

The truth is that you shouldn’t have to.  You should be able to trust that the technology you use is safe, for you and for your family.  That is mainly why we created Cyber Watchtower.  We want you to be able to just enjoy life and use these technological tools without fear of all the risk that comes with it.  I make it my mission to educate and help people with these issues as much as I can because I know they scare and intimidate most of you.

We will try to keep you as informed as we can.  Just remember, we are here for you if you need us.  Do not hesitate to even just ask us questions if you need a better understanding of something.

Take care of yourselves out there.

As always, stay connected. Stay safe.

Austin Bynum
Chief Watchman
Cyber Watchtower

2016 – The Good, The Bad, and The Scary

2016 was quite a year in regard to the internet and its usage, not to mention users’ increase in security awareness.  While those things are positive, we also saw an increase in security breaches as well as an increase in the complexity of attacks the hackers and other malicious parties are using.

According to Gina Smith from and Internet World Stats, 2016 saw an increase to the tune of just under 3.7 billion internet users worldwide. The increase represents roughly a 10% increase from the previous year, but more astoundingly, mobile usage saw an increase of roughly 17% by adding over 280 million users.

I promise, I’m not trying to bore you with stats.  I just think the numbers help to fully understand why all of our lives are so much more at risk online than they used to be.  What’s more fascinating is that while North America only represents 8% of the internet users, the United States itself leads the world in overall online spending.  It’s no wonder we make exceptional targets for malicious activities like identity theft and credit card fraud.

The malware that is responsible for so many data losses and security breaches continues to become more and more complex, almost by the week. These days, most security professionals will tell you that a simple anti-virus program just isn’t enough anymore for your protection.

What’s amazing is that even with the increase of users and the increase of awareness of those users, the bad guys are still finding their way into our systems and devices by using the same old tricks most of the time. According to TrendMicro, 91% of malware infections of systems are still coming from successful PHISHING attacks. That means that users are still clicking on links and opening files in emails that are infected and that are not from who they say they are from. To be fair, the PHISHING emails themselves have become very, very good and look very official most of the time.

TIP: As always, don’t open emails from people you do not know or that you are not expecting. If it is from an official site or company, remember to be skeptical, especially if you are not expecting the email. For example, this time of year, the bad guys like to use emails that appear to be from the IRS, but they end up asking you for information and then stealing your identity.

As much as you need the proper tools and services to protect you, remember that you are your best protection against these issues. Use the internet and your email wisely. Pay attention to ANYTHING that seems out of the ordinary on your computer, your phone, your bank account, your credit cards, or anything else that could mean a breach of your security and information. Even a hack of your social media (e.g. Facebook, Twitter, etc.) could mean the beginnings of a larger attack on you as a person.

2016 was a growing year in many ways, but not all of them good. Remember that Cyber Watchtower is here to help you with information and services to help keep your life more secure. The internet is going to get more crowded as the years go on, so let us help keep you safe online.

Austin Bynum
Chief Watchman
Cyber Watchtower