Recent ransomware attacks are a reminder to many of us that all systems are vulnerable. Everyone must take further steps to level up their online security measures.
Why is online safety and security important?
Online safety and security are important because all it takes is one vulnerability to compromise an entire system. Still, many individuals and small businesses are unaware of the many forms of cyber-crime and, therefore, of how to reduce their chances of becoming a victim. Hackers stealing your financial information is not the only form of cyber-crime. So, the first step to protecting yourself online is awareness and education. Here are some of the most common types to be aware of:
- Password Attack – Obtaining passwords is the most common and effective approach to cyber-attacks. Cyber criminals can get your passwords by snooping on an unprotected (unencrypted) network or through a brute-force attack, which is the cyber equivalent of trying every key on your keyring.
- Phishing – A phishing attack involves sending emails that appear to be from trusted sources, with the goal of gaining personal information or influencing the recipient to do something such as download an attachment or click a link. That attachment can load malware on your computer, and that link can trick you into loading malware on your system.
- SQL Injections – With the popularity and prevalence of database driven websites, SQL injections have become more common. The hacker uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include sensitive company data, user lists or private customer details.
- MITM (Man in the Middle) – A Man in the Middle attack is like eavesdropping. A MitM attack occurs when a hacker inserts themselves between the communications of a client and a server. All the cyber criminal needs is to gain access to an unsecured or poorly secured Wi-Fi router. These types of connections are generally found in public areas with free Wi-Fi hotspots and even in some people’s homes if they haven’t protected their network. Attackers can scan the router looking for specific vulnerabilities such as a weak password.
- Malware – Malicious software can be installed on your system if it is not protected. Viruses, Trojans, file injectors and Ransomware are all examples of malware.
- DoS (Denial of Service) – DoS attacks involve shutting down a machine or network, making it inaccessible to its intended users (flooding services) or sending it so much information it forces it to crash (crashing services). These attacks are extremely difficult to identify because they are disguised behind multiple compromised systems. These attacks tend to happen on large networks, which is why it’s important to have a team monitoring network activity at all times in order to notice warning signs.
How to protect yourself?
So, you can see from the common types of cyber-attacks listed above that while many small businesses have tightened up their measures at the company level, personal activity also has the potential to provide a window for cyber criminals. Therefore, it’s important for individuals to know how to recognize cyber-attack attempts as well as take precautionary steps to protect against them. Here are some of the most basic steps to take towards prevention:
- Keep your devices, browsers, operating systems and software updated – One of the biggest insecurities that can lead to cyber-attacks is related to outdated computers and/or software. Running a business on outdated computers, servers and software is not a good idea. There are signs that tell you that your system is out-of-date such as slow loading times or constant system crashes.
- Don’t reuse passwords and use two-factor authentication when available – Having the same password or an easy-to-remember password for anything can be dangerous. Once a hacker figures out your password, they now have access to everything in your system and any application you use. Use a trusted password generator such as Norton to create unique passwords for all of your accounts.
- Analyze every email in your inbox – Allow your mouse cursor to hover over any links (DO NOT CLICK until you are sure the link is legitimate and from a trusted source). Analyze the “Reply-To” and “Return-Path” fields located in the header of the email. They should lead to the same domain as stated in the email. Don’t open strange emails and don’t click on links from unidentifiable email contacts.
- Avoid public Wi-Fi and protect your Wi-Fi network – Securing your Wi-Fi networks and hiding them is one of the safest things you can do for your systems. Be sure to also keep your router device updated. At minimum, do not use public Wi-Fi to access any personal accounts, but my advice is to avoid public Wi-Fi altogether. Unsecured Wi-Fi routers are windows for hackers to snoop. Don’t give them one.
- Install anti-virus and anti-malware software on your devices – Anti-virus keeps you protected from older more established threats such as worms and trojans. Anti-malware focuses on new threats. While most operating systems have security measures in place, such as Windows 10 and Windows Defender, you can never be too careful.
- Make sure all of the websites you own and visit are encrypted (HTTPS) – Websites are encrypted in order to increase the security of data transfer. Any website, especially one that requires login credentials or is used to transmit sensitive data, should use HTTPS. Remember there are levels to SSL certificates, which are just one layer of protection. Be sure to look into additional layers listed here.
- Only use communication platforms that offer end-to-end encryption – HTTPS alone is not enough for the transmission of sensitive data over the internet. End-to-end encryption means encrypting the data at the point of creation and only decrypting it at the point of use. Whether you’re talking about messaging, email, file storage, video conferencing or anything else, this ensures that no one in the middle can see your private data.
- Use a VPN on your network – A VPN is a service that encrypts your data and hides your IP address by bouncing your network activity through a secure chain to another server miles away. This obscures your online identity, even on public Wi-Fi networks, so that you can browse the internet safely, securely and anonymously.
- Train your staff and have a data backup and response/recovery system in place – Making everyone in your organization cybersecurity aware will help mitigate the anxiety caused by uncertainty as well as help protect your business. Here at Verve, we maintain a backup of the backup.
- Teach your kids about the internet and monitor their activity – Ways to protect your children include parental controls, apps and tracking software. But the most effective way to keep your kids safe is to talk with them about online risks, how to avoid them and why it’s important to come to you if something goes wrong.
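The “Reply-To” and “Return-Path” check from the email tip above can be automated. The following is an added Python example, not part of the original post; the sample messages are constructed, and treating a subdomain of the From domain as a match is a simplifying assumption.

```python
from email import message_from_string
from email.utils import parseaddr

def addr_domain(header_value):
    """Return the lower-cased domain of the address in a header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def check_headers(raw_message):
    """List the ways Reply-To / Return-Path disagree with the From domain."""
    msg = message_from_string(raw_message)
    from_domain = addr_domain(msg.get("From"))
    if from_domain is None:
        return ["From header missing or unparsable"]
    findings = []
    for name in ("Reply-To", "Return-Path"):
        value = msg.get(name)
        if value is None:
            continue  # header absent: nothing to compare
        domain = addr_domain(value)
        # Assumption: a subdomain of the From domain counts as the same sender.
        if domain is None:
            findings.append(f"{name} has no parsable address")
        elif domain != from_domain and not domain.endswith("." + from_domain):
            findings.append(f"{name} domain {domain} differs from From domain {from_domain}")
    return findings

# Constructed sample messages (reserved example domains, not real mail).
CONSISTENT = "\n".join([
    "From: Example Support <support@example.com>",
    "Reply-To: support@example.com",
    "Return-Path: <bounce@mail.example.com>",
    "Subject: Your invoice",
    "",
    "Body text.",
])
MISMATCHED = "\n".join([
    "From: Example Support <support@example.com>",
    "Reply-To: helpdesk@example.net",
    "Return-Path: <bounce@example.org>",
    "Subject: Urgent: verify your account",
    "",
    "Body text.",
])

if __name__ == "__main__":
    for label, raw in (("consistent", CONSISTENT), ("mismatched", MISMATCHED)):
        print(label, check_headers(raw))
```

A mismatch is a cue to look closer rather than proof of phishing, since legitimate bulk-mail services often use their own bounce domain in Return-Path.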
Don’t be a hack and get yourself hacked! If you need help securing and managing your website, don’t hesitate to give us a call.