If you think cybersecurity is all about protecting your networks from some young tech whiz hacking into your system from a remote location, you may be interested to read that nearly 75% of security breaches happen internally, caused by an organization’s own employees. This month is National Cybersecurity Awareness Month, so if your knowledge of technology is a little patchy, what better time to get up to speed on the latest cybersecurity threats that could endanger your business?
1. Malware such as computer viruses, Trojan horses and worms
Malware, or malicious software, is distributed primarily through email, the Internet and instant messaging. While viruses and Trojan horses need human interaction, worms can spread on their own. Although antivirus software and firewalls are moderately effective in detecting and blocking malware, you should only visit websites you trust, never open attachments from unknown sources and verify any software you download – especially if it’s free.
2. Scareware
If you have ever been interrupted by an unknown security alert, often a pop-up adorned with bright red exclamation marks, you may have experienced scareware tactics. Scareware tries to manipulate users into downloading fake antivirus software that contains malware. If you receive a suspicious warning, contact your IT department to validate its authenticity. Additionally, never click on buttons in the alert that prompt an action, such as “Download” or “Free Scan.”
3. Phishing
Phishing sites pose as credible websites with the intent to steal your information. For example, you may get an email from your (fake) bank stating that you need to log in to verify a charge. When you do, the website captures your username and password. The best way to defeat these attempts is to look at the domain name and make sure it’s correct. Typically, a fake domain name will look almost identical to the valid one, so you must check every character.
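One way to automate the character-by-character domain check described above, as an added example that is not part of the original article: it compares a link's domain against the domains you actually use and flags near matches. The `TRUSTED` list and all sample domains are constructed, and taking the last two labels as the domain is a simplifying assumption.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: the domains your organization really uses (assumption).
TRUSTED = {"examplebank.com", "example.org"}

# A few common visual substitutions, collapsed before comparison.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})

def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(domain):
    """Fold accents and a few look-alike characters ('examp1ebank' -> 'examplebank')."""
    folded = unicodedata.normalize("NFKD", domain)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return folded.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    host = urlsplit(url).hostname or ""
    try:
        host = host.encode("ascii").decode("idna")  # decode punycode (xn--) labels
    except UnicodeError:
        pass  # already Unicode, or not valid punycode: compare as given
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted", domain
    for good in sorted(TRUSTED):
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return "lookalike", good
    return "unknown", None
```

A result of `unknown` is not a pass: a link that merely contains a trusted name as a subdomain of some other domain lands there and should still be treated as untrusted.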
4. Attacks on client-side software
Most companies focus their security efforts on server-side attacks. However, the current trend is shifting towards client-side attacks, which transmit malicious code through web browsers, email, file transfer protocol (FTP), instant messaging, etc. It is crucial that your organization patch operating systems AND applications. Make sure your browsers have the automatic update feature turned on for both the browser and any plug-ins you may have downloaded. Use hard-to-crack passwords for FTP login and don’t save them to your FTP client. Moreover, always use SFTP (Secure FTP) instead of regular FTP.
5. Social network attacks
With social media outlets on the rise, hackers are targeting sites like Facebook, MySpace and Twitter because users are usually linked to people they trust. While some attacks are up to the provider to prevent (see the Twitter attack last month), you can do your part by creating a strong password that is changed regularly, refusing to friend strangers, fighting the urge to click on questionable links and not sharing your login credentials with anybody.
6. Cloud computing
Cloud computing refers to the use of virtual servers, usually subscription based, that unburden organizations from having to maintain and support local servers. When choosing software products that store your data in the cloud, quiz potential vendors thoroughly about security and server configuration and make sure that another user infected with malware would be unable to compromise the security of your stored data.
7. Wireless mobile devices
The most common cause of a data breach is an employee losing a device, whether it be a laptop, smart phone or USB drive. To protect such devices, make sure phones and laptops are password or PIN protected and purchase laptop-tracing software. Furthermore, don’t keep sensitive information or documents on your desktop or hard drive – utilize the secure company network instead.
Marlia Fontaine-Weisse is the Content Manager for Preparis.