[BreachExchange] IT experts advise how to stay one step ahead of cyber criminals aiming for your business
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Nov 6 19:02:47 EST 2017
https://www.bizjournals.com/nashville/news/2017/11/06/it-
experts-advise-how-to-stay-one-step-ahead-of.html
Cyberattacks seem to be occurring more frequently and taking down business
operations across the globe, affecting not just enterprise level
organizations, but small and medium-sized businesses as well. These
intrusions often cost organizations in downtime and loss of valuable data.
It’s not all doom and gloom though.
Below are three types of cyberattacks to be aware of and how you and your
managed service provider (MSP) can best protect your organization.
Ransomware
Ransomware is a type of malware that prevents or limits users from
accessing their system. Often times these cyber criminals prohibit users by
locking the system’s screen or locking important files until a ransom is
paid. Without constant network monitoring, these intrusions can cause
catastrophic damage to a business.
Phishing
Phishing is a cyber crime which instructs individuals to provide sensitive
data like personal information, bank and credit card details, or passwords
through electronic forms. Individuals can be notified through email,
telephone, or text message. Thieves use this strategic method to lure you
into giving them your most precious information. Phishing attacks result in
credit card fraud, identity theft, and financial loss.
Spear phishing is an email or electronic communications scam targeted
towards a specific individual, organization or business. Most times this
form of cyber hacking is used to obtain passwords from specific accounts,
but can also be used to spread malware onto devices. For example, you may
receive an email from DropBox asking you to update your account or
password. You may not have a DropBox account, but these hackers are trying
to lure you to click their link and give you their information.
Social engineering
Social engineering is the art of manipulation with the main objective to
steal confidential information from others. These cybercriminals target
individuals to trick them into giving up email passwords, bank account
information, and computer access so they can contact their personal
network. While there are many similarities between phishing and social
engineering, the main difference is that social engineering criminals look
to take a personal approach when contacting people and often take the time
to understand your business, while phishing typically prefers communication
to come from legitimate, popular companies, banks, schools, or institutions.
How can you prevent these attacks?
A few simple tips can provide the best defense and help prevent your
business from falling victim to these threats. Below are a few tips to help
protect yourself and your network from cyber criminals.
Install updates and patches – Many viruses and malware are able to attack
through vulnerabilities in operating systems. As seen with the Wanna Cry
virus in May 2017, Microsoft issued a patch for Windows dating back as far
as 14 years. Users and system administrators failing to install updates was
the primary reason the malicious virus was able to spread. Patch your
systems even if you’re running an unsupported version of Windows XP,
Windows 8 or Windows Server 2003.
Maintain a backup solution – Should the worst occur and you are hit with a
virus, restoring from a backup is the best option. Make sure your files are
backed up regularly to a hard drive that is not shared with other devices
and keep a recent backup copy off-site. Remember, there are many other ways
files can suddenly disappear such as fire, flood, theft or just a dropped
laptop. Backup your files remotely to prevent any of these from becoming a
catastrophe.
Run anti-ransomware programs – Install security software and most
importantly, keep it up to date. Thousands of new malware variants run
every day. Having out of date security software is almost as bad as having
none at all.
Change your passwords – Change your passwords often. It also is
recommended to have different passwords across all your personal networks,
that way if one is hacked the hacker has access to only one network, not
all of them. Once a cybercriminal has access to your personal credentials
they can send personal emails directly to your friends and family as well
as post on social networks looking to collect sensitive information. This
includes email, social media, computer, network, and bank account passwords
and more.
Hover over hyperlinks – One of the fastest ways to verify an email is to
check all the hyperlinks. Take your mouse and hoover over the directed
hyperlink. Make sure that the hyperlinks match the URL they are directing
you to. Be sure to check for spelling errors in the web address, as
sometimes popular websites can be manipulated but contain spelling errors.
For example, if the hyperlink says RJYoung.Com, but when you hoover over it
says RYoung.Com, do not click it. If you suspect the link may be
suspicious, better to not click it.
Use common sense – Is this offer too good to be true? Most of these
cybercriminals will present you with an eye-catching deal to make you think
you have won a contest, most of the time one you did not know you entered
or asking you to claim a prize that is too good to be true. In an instance
like this it is best to remember that if the offer seems too good to be
true, it probably is.
Also, be aware of who is sending the email. Whether you know the sender or
not, does the email make sense for you to receive. If not, do not even open
it. Even accidentally opening the email can cause issues. Most of the time
cyber criminals have a call to action in the email. Whether it is donating
to a fundraiser or asking for personal help, be conscious of how the email
is worded and what they are asking for. Many times, the email will explain
there is a problem you need to verify, notify you that you are a winner, or
ask for help.
Smart tip to remember: A bank will never ask for personal information via
email or suspend your account if you do not immediately update your
personal information. Most banks and financial institutions usually provide
an account number or other personal details within the email. This is how
you can ensure that the email or phone call is coming from a reliable
source.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171106/13f67cfa/attachment.html>
More information about the BreachExchange
mailing list