10 Ways to Help Stop Cyberattacks In Their Tracks
10 WAYS TO STOP CYBERATTACKS IN THEIR TRACKS
With so much of our personal and professional business happening online these days—on desktops, laptops, tablets, and smartphones—it’s critical that we understand how to recognize and help prevent cyberattacks in their tracks.
Identifying Common Threats
Phishing. Have you ever received an email appearing to be from a bank and warning you that your account is locked because of suspicious withdrawals? The email might have asked you to click a link to verify your identity and keep your account open. Odds are that was a phishing email—an attack by cybercriminals who typically pretend to be reputable companies, banks, friends, or acquaintances in an effort to lure you into clicking a link and revealing personal information, such as credit card numbers, bank account information, or login credentials, like your username and password. According to a new report from PhishMe, phishing accounts for 91 percent of all cyberattacks.
Malware. Malware, or malicious software—think viruses, worms, Trojan horses, and spyware—can be downloaded to your device when you click a link in a fraudulent email. That malware can cause a lot of damage, including deleting files or directory information and gathering data from your system, all without your knowledge.
Ransomware. Some forms of malware can remain hidden, but ransomware, which is often delivered through a malicious file attachment or link in a phishing email, is more obvious. This multibillion-dollar-per-year business encrypts all information on local and network drives and devices, locking users out until they pay a ransom, usually in the form of bitcoin or another cryptocurrency.
Smishing. This newer form of social engineering exploits SMS, or text, messages. The messages can contain links to webpages, email addresses, or phone numbers that, when clicked, automatically open a browser window or email message or dial a number. This integration of email, voice, text, and browser functionality increases the likelihood that users will fall victim to malicious activity.
10 Preventive Measures to Use Today
Given the prevalence of these threats, education, awareness, and good security practices are the most useful ways to reduce the risk of falling victim to them:
1) Educate employees. The reality is that most data breaches are the result of human error linked to attacks like phishing, ransomware, or file downloads. If you’re a business owner, one of the simplest and most effective ways to protect your business from an attack is to train employees about cybersecurity. This can take the form of e-learning, interactive games, presentations and videos, onboarding talks, and hosting regular seminars for employees on how to identify potential threats.
2) Use strong passwords. One of the easiest ways your information can be compromised is through easy-to-guess passwords, and one of the most effective ways to improve cybersecurity is by using strong passwords. Passwords should be long and complex: a minimum of 12–14 characters, with a combination of upper- and lowercase letters, numbers, and symbols. Passwords should not be reused across accounts because if a password is compromised, attackers will likely try to access other accounts using the same one. And you should aim to change your passwords every 90 days.
3) Use a password manager. With a password manager, you only have to remember one password—the one for the manager itself. Meanwhile, the password manager can auto-generate unique and complex passwords to each of your online accounts and store them for future use. It will also alert you if any of your passwords have been compromised. In addition, the password manager can store other critical information, such as PINs, credit card numbers, and answers to security questions, all secured with encryption.
4) Update operating systems. Attackers are constantly looking for older systems they can compromise. That’s why it’s critical to run the latest versions of Windows, Mac OS X, and macOS across your devices to protect against malware and security exploits.
5) Keep antivirus software current. Your computers are only as safe as you make them, so it’s vital to continually update your antivirus software. Antivirus updates contain the latest files needed to combat new viruses as they arise. Be sure to install antivirus software from a reputable vendor and visit vendor sites directly rather than clicking on advertisements or email links, which could be corrupt.
6) Back up data regularly. Regularly backing up your business or personal data will allow you to restore it to a point in time before a breach or hard drive failure occurred, without everything. It’s best practice to store your backups in a secure location separate from your main computer. An external hard drive or flash drive may be sufficient. You might also consider cloud backups, which allow users to back up data and access it anytime on any device connected to the internet. Most cloud storage services provide a large amount of storage space and encrypt the content for data security.
7) Enable two-factor authentication. Passwords protect your accounts and two-factor authentication adds another layer of defense by requiring a second piece of information to log in to your account. The second piece of information is usually a temporary code delivered to a device in your possession, such as your phone. Enable two-factor authentication whenever possible, especially when it comes to your most sensitive data—like your primary email, financial accounts, and health records.
8) Pay attention to website URLs. Before making a payment or sharing sensitive information online, make sure the site’s URL begins with “HTTPS,” not “HTTP,” and look for a closed lock icon near the address bar. Also, pay attention if your browser warns you that a website’s security certificate is out of date. Merely visiting and reading an HTTP website is not necessarily risky but entering sensitive information on such a site is.
9) Secure mobile devices. Despite their convenience, mobile devices pose unique security risks. Although it might be tempting to postpone an update for just one more day, it’s crucial that you keep your devices—all their firmware, operating systems, and applications—up to date with the latest security patches. So, when prompted, install! In addition, use a strong lock-screen passcode, preferably at least six digits, which is the first line of defense in protecting any mobile device.
10) Take care when using public Wi-Fi. Unsecured public Wi-Fi found in popular public places like airports, coffee shops, malls, restaurants, and hotels may allow an attacker to intercept your device’s network traffic and gain access to your personal information. While it’s great to have free internet access, avoid sites where you’ll need to enter sensitive information, such as banking or credit card details.
Knowing these cybersecurity basics and putting them into practice both in the office and at home can help you protect your data and reduce the risk of a cyberattack.
Cahill & Associates Financial Services, LLC