My original topic for this blog entry was going to be purely focused on Email Phishing attacks and how to spot them. While researching statistics in the latest Verizon Data Breach Investigations Report I realized that I should expand my topic to include the top three security breaches facing you and your company:
- Hacking attacks
- Malware attacks
- Social attacks
No one is immune from these attacks and having a cursory knowledge of and safeguarding against these security breaches might just prevent you from becoming famous for all the wrong reasons.
Hacking attacks are on the rise and refer to threat actors (bad guys) out on the internet attempting to break into your computer. Hacking tools are getting more sophisticated and easier to deploy. An ornery teenager with a laptop can easily become your worst nightmare.
As the internet grows and more countries come on line, the number of bad guys increases. To compound this, technology continues to advance creating a lot of outdated hardware and software in its wake. The older the system, the more vulnerable it becomes.
What can you do? The single best way to secure a computer is to keep its software current. Think of updates as the low hanging fruit of computer security.
We all know and have experienced the varying levels of frustration as our software decides to update itself right before that big meeting or when we just need to send a quick email. To make the process a little easier, it is best to be both proactive and thorough.
Microsoft comes out with security updates on the second Tuesday of each month (Black Tuesday). If your computer is configured to automatically update windows (hint: it should be) these updates will begin spontaneously downloading and installing (perhaps at an inopportune time).
If you don’t want that surprise “Installing Updates, Please Wait” message to appear just as you are putting together that time sensitive presentation, set an alarm to manually start the updates when it’s most convenient for you. Click these links to learn more about Manually Installing Windows Updates at Microsoft.com.
Take the same approach and update your other software as well.
- Update your browser. See my previous post How Secure is Your Browser.
- Update all of your Adobe products. This includes Flash, Reader, Acrobat, Etc. Adobe has an auto updater, but since we’re being proactive, go right to the source at Adobe.
- If your computer uses the Java Runtime, there is no better time than now to check the Java.com website for updates.
Malware is short for Malicious Software. It’s only purpose is to complicate your life. Some malware will lock all your files and ask for a ransom while others work silently, installing a back door for an attacker to access your computer a later date. Following these pointers should prevent most malware issues:
Always keep your Anti-Virus (AV) software up to date. If you don’t have AV software, stop what you’re doing and go get some. Running your computer without AV software is like tightrope walking without a net; you don’t really need it until you need it, and by then it’s too late.
Don’t Install Free Software. While there are plenty of legitimate software companies out there offering free versions of their software, there are more who would love for you to download and install their malware. Malware is usually disguised in an email or internet ad as something useful and free. Once you double click on that piece of malware, the game is over. Uninstalling the software won’t remove it. If you’re lucky your AV software will catch it before it is installed. If not, you may want to start looking for a new computer.
Think before you click that link! Email attachments can contain malware. Before you open that attachment, think first:
- Were you expecting it? Don’t open attachments you aren’t expecting, ever. If you think it’s legitimate, give the sender a call to confirm. Use the phone number from your address book and not the one in the email. If you don’t have a phone number for the sender, maybe you shouldn’t be opening attachments from them.
- Does the attachment make sense? Most legitimate companies won’t send email attachments unless you’ve requested them. For instance, Microsoft won’t ever send a Windows Updates as an attachment.
- Check the attachment extension. Images and some documents may be safe to open, but there are many attachments that are dangerous to open. The list of dangerous file types is extensive. If you would like a more in depth look at dangerous file attachments, head over to HowToGeek.com.
- Slow down. If the funny cat video that Janice in accounting sent looks too funny NOT to open, take the time to read carefully any popups or warning messages displayed after clicking the attachment and decide if you should proceed or not. There may still be time to save yourself after you take the bait.
Social Engineering Attacks
Social engineering is the science of playing on people’s emotions to get them to do things they normally wouldn’t. Gone are the good old days where the exiled Prince of Nigeria asks for your bank account information with the promise of sending money. Today’s social attacks are far more refined, but they all have some traits in common:
- The message appears to come from someone you know or with which you do business.
- The call or message is unexpected.
- The messaging incites anxiety, fear or another emotional response.
- The solution normally involves you giving something away.
If an email or phone call arrives out of left field or comes from someone you know but the messaging seems out of character for them, be suspicious of its intent. Similarly if the theme of the message is dire consequences without immediate action or demands you provide cash or give up personal information like login credentials, bank information, put your guard up. When in doubt go to the real source of the inquiry and see if it’s legitimate.
There is no specific company size, industry type or organization location that is off limits from a cyber attack. That said, there are many steps you can take to deter criminals from draining your bank account and making your life miserable. Cybersecurity is serious business and worth the extra time is takes to reduce your risk of a security breach. Take the time to be proactive with your updates, think before you click and stay smart instead of emotional and you can keep from falling prey to the bad guy trolling the internet.