The Basics: Cyber Security 101
Are you vulnerable to a Cyber-Attack?
As technology continues to evolve, so do the many methods used to employ technology for illegal purposes. Successful hackers are clever and innovative. To remain successful, a hacker must constantly change tactics to keep up with improved security protocols. Nearly all the crime that was once committed in person, over the phone, or by mail can now be committed via the internet, meaning anyone can be vulnerable to an attack at any moment. Most scams have several things in common. If you can learn to recognize these common elements, you should be able to spot an online scam before being suckered in.
Common types of Attacks:
1. Phishing – What is Phishing?
- Phishing is the most prevalent form of cyber crime, in which a target is contacted via email, telephone or text message by a hacker who is using a fake email disguised as a reliable one. Cyber criminals craft phishing emails around keywords meant to draw out passwords and other confidential information, such as bank account details and personal identification information.
- Phishing emails are meant to instill fear or a sense of urgency in the recipient. For example, the email could appear to come from a well-known person or company, stating that you overdrafted on your ATM card and now need to confirm your card number to reactivate it.
- Phishing emails can also carry a download or an attachment. The email asks you to click on the attachment, which ultimately gives the hacker complete control of, and access to, your personal device and information.
What can you do to recognize Phishing emails?
- Triple-check email addresses to ensure that emails are being sent from trustworthy accounts. Cyber criminals are known for changing domain names and email addresses in ways so slight that you may not notice.
- Think before you click – if an email is abnormal in any way, do not open it. You can cross-check a link by looking at the URL it actually points to and comparing it with the URL shown in the message.
- Be competent – the main problem in security today is not the efficiency of our security but rather how we manage our employees and whether we are taking extra measures to protect ourselves and our data.
- Changes in browsing habits are recommended to prevent phishing. If verification is required, always contact the company personally before entering any details online.
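The two checks described above (a sender domain that differs only slightly from a trusted one, and a link whose visible URL differs from where it really goes) can be automated. The following is an added example, not part of the original article; the trusted-domain list, the 0.85 similarity threshold and the sample message are assumptions constructed for illustration.

```python
import difflib
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains this recipient really deals with (illustrative).
TRUSTED_DOMAINS = ("example-bank.com", "example.org")

def lookalike_of(domain, trusted=TRUSTED_DOMAINS, threshold=0.85):
    """Return the trusted domain that `domain` closely imitates, else None."""
    domain = domain.lower().rstrip(".")
    close = difflib.get_close_matches(domain, trusted, n=1, cutoff=threshold)
    return close[0] if close and domain not in trusted else None

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    parsed = urlparse(url if "://" in url else "//" + url)
    return (parsed.hostname or "").rstrip(".")

def check_email(from_header, html_body):
    findings = []
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2]
    if imitated := lookalike_of(sender_domain):
        findings.append(f"sender domain {sender_domain} resembles {imitated}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        # Compare only when the visible text itself looks like a host or URL.
        shown = "" if " " in text else host_of(text)
        if "." in shown and shown != host_of(href):
            findings.append(f"link shows {shown} but goes to {host_of(href)}")
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE_FROM = '"Example Bank" <alerts@examp1e-bank.com>'
SAMPLE_HTML = '<a href="http://login.example.net/r">www.example-bank.com</a>'
```

Calling `check_email(SAMPLE_FROM, SAMPLE_HTML)` returns two warnings, one for the look-alike sender domain and one for the mismatched link.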
2. Malware – What is Malware?
- Malware, short for malicious software, is considered to be a combination of annoying viruses intended to cause harm to a single computer, server, or network by secretly accessing it without the user’s knowledge.
- Malware usually gains access to a device through the internet via email, although it can also arrive through hacked websites, game demos, music zips, software, subscriptions, or anything else downloaded from the internet onto a device that is not protected by anti-malware software.
- Malware can be used for a variety of functions, including secretly tracking a victim’s activities, stealing or deleting sensitive data, and modifying a system’s core capabilities.
How to stay safe?
- Be aware of which applications you download on your phone and computer.
- Not every app on the Apple or Google stores is safe and legitimate.
- A slow computer, constant pop-ups, spam, and frequent crashes are often signs that your device may be infected.
- Malware scanners, available for purchase, can be used to check whether your device is infected and to remove malware.
- Be on guard against any app asking for irrelevant permissions – granting these permissions can lead to hackers removing critical data (your contacts, past messages and social media log-ins).
Steps to prevent malware:
- Use powerful antivirus and anti-malware software.
- Check the permissions before downloading an app.
- Check reviews and ratings (some reviews will disclose information regarding previous hacks or functionality).
- Avoid downloading applications from third-party app stores.
- Avoid all pirated or cracked applications as they are the most vulnerable.
3. Smishing – What is Smishing?
- Smishing is a type of phishing in which a hacker attempts to manipulate you into giving them your private information, either through a phone call or an automated SMS message. Simply put, smishing is any form of phishing that involves a text message sent through SMS or a phone number.
- Smishing attacks your trust. Smishers tend to look for anything from an online password to your bank details or your Social Security number. They tend to use this information as a first step toward eventually applying for new credit in your name.
- Smishing SMS messages can contain shortened URL links with deceptive incentives that, when opened, immediately install malware on the device being used.
How to stay safe?
- Keep your private data undisclosed. No one besides yourself should know your passwords or account details, so do not reveal any personal details to anyone via SMS or over the phone.
- Use verification to identify the type of message that has been sent to you.
- If you happen to receive a message from a trusted source, go into your contact list, and verify that the individual who sent the initial message is the same person as the one in your contacts.
- Do not click on links received on your phone unless you are willing to face the consequences.
- It only takes one bad text to compromise your security.
4. Physical Security Threats – What are physical security threats?
- Any threat directed at your sensitive information that results from someone having immediate, face-to-face access to your laptops, hard drives and mobile devices. These types of threats arise when someone has physical access to your workplace or even your home.
How to stay safe?
- Use multi-factor authenticators to protect your devices.
- Encrypt hard drives, USBs, and anything else that holds sensitive data.
- Never write out your passwords on a notepad or sticky note, as these can be picked up in your office or at home by anyone who stumbles upon them.
- Make sure your phone is locked if left unattended – it is best to leave your phone in your pocket or a safe space if it is not being used.
- Properly back up your hard drives and USBs, and have an emergency clearing system in place in case your device is misplaced, lost or stolen.
5. Insecure Networks – What is considered an insecure network?
- “Free” WiFi spots, such as those at airports and coffee shops, are often left unprotected, leaving your sensitive information vulnerable to malicious hackers.
- Anyone can sit in a car outside a coffee shop or airport waiting for the perfect opportunity to strike, leaving your critical files, usernames and passwords in the hands of criminals.
How to stay safe?
- Do not connect to open or “free” WiFi.
- If you need to use public WiFi, avoid performing any bank transactions or accessing any critical information while connected.
- Use WPA2 on your home and office WiFi instead of open or WEP security, both of which are easily hacked.
Your personal security is in your own hands. Remember to stay cautious and alert at all times. Remind yourself, no one is untouchable. Emails sent by cyber criminals are masked so they resemble a well-known professional or business whose services are used by the recipient. There is someone out there always trying to hack you. These basic security practices mentioned above can help protect you from most hacks, yet no one is beyond reach of a cyber-attack.