Cyber security, also referred to as information technology security, is the act of protecting data and information systems from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction.
Implementing good security practices doesn’t have to be difficult or expensive. This blog post focuses on a few easy ways that you can improve your cyber security.
Install Operating System Updates
Most software vendors release updates to patch or fix vulnerabilities, flaws, and weaknesses (bugs) in their software. Because intruders can exploit these bugs to attack your computer, keeping your software updated is important to help prevent infection.
Be sure to enable Windows Update on all of your PCs and Update OS X on all of your Macs. And when your mobile phone notifies you that important updates are available, don’t put them off – take a few minutes and update your phone!
If your business runs an on-premises server (i.e., NOT a cloud server), then you should pay careful attention to operating system updates. Be sure to create a full system backup before installing critical OS updates on your server – it’s important to have a “rollback plan” just in case the update breaks something on your server.
Installing an antivirus and antispyware software program and keeping it up to date is a critical step in protecting your computer. Many types of antivirus and antispyware software can detect the possible presence of malware by looking for patterns in the files or memory of your computer. This software uses virus signatures provided by software vendors to look for malware.
If you’re not running AV software on your PC, or your AV software license is expired, take action! For small businesses, enterprise-grade AV software is essential, but for the typical home user a free AV solution such as Avast or AVG is adequate.
It’s important to note that antivirus software does not offer total protection against malware infection. In fact, today’s malware authors will often use widely-available crypting services to ensure that their malware is completely undetectable by all of the antivirus tools on the market.
Once the malware is “fully un-detectable,” the malware author will deliver the AV-proof malware payload to their victims – often by way of a phishing email.
Beware of Phishing Emails and Social Engineering Attacks
What’s a “phishing email”? Phishing is a form of social engineering, a sophisticated threat involving the act of manipulating users into revealing confidential information or performing other actions detrimental to the user.
Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy individual or organization. For example, an attacker may send email seemingly from a company executive or reputable financial institution that requests account information, often suggesting that there is a problem.
When users respond with the requested information, attackers can use it to gain access to the accounts. The scope of phishing attacks is constantly expanding, but frequent offenders tend to:
- Embed a link in an email that redirects the user to an unsecured website that requests sensitive information
- Install a Trojan via a malicious email attachment or ad which will allow the intruder to exploit loopholes and obtain sensitive information
- Spoof the sender address in an email to appear as a reputable source and request sensitive information
- Attempt to obtain company information over the phone by impersonating a known company vendor or IT department
The bottom line is: don’t open email from unknown sources. Be suspicious of unexpected emails that include attachments, whether they are from a known source or not. When in doubt, delete the file and the attachment, and then empty your computer’s deleted items file. Don’t click on any URLs or links in the email if you are not sure of its origin.
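As an added illustration (not part of the original post), the following Python code checks an email for several of the warning signs listed above: a reply address that differs from the sender, a failed sender-authentication result, and links that are unencrypted or point somewhere other than where their text claims. The sample message, its domains, and the function names are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Example Bank" <alerts@examplebank.example>
Reply-To: collect@mailer.invalid
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=examplebank.example
Subject: Problem with your account
Content-Type: text/html

<p>There is a problem with your account.</p>
<a href="http://login.mailer.invalid/verify">https://www.examplebank.example/login</a>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    """Return a list of human-readable warning signs found in a raw email."""
    msg = message_from_string(raw)
    findings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    # Replies routed to a different domain than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    # The receiving mail server records SPF/DKIM/DMARC results in this header.
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            findings.append(f"{mech} check failed (possible spoofed sender)")
    for href, text in LINK_RE.findall(msg.get_payload()):
        target = urlparse(href)
        if target.scheme == "http":
            findings.append(f"link to unencrypted site: {target.hostname}")
        # Link text that looks like a URL but names a different host.
        shown = urlparse(text.strip()).hostname
        if shown and shown != target.hostname:
            findings.append(f"link text shows {shown} but goes to {target.hostname}")
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print("WARNING:", finding)
```

These checks are heuristics: a message that passes all of them can still be malicious, so the advice above about unexpected attachments and links still applies.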
Use a Password Manager
Passwords are a pain. We’ve all been told to use strong passwords, hard-to-guess passwords, passwords that should have at least 8 characters with a mixture of uppercase and lowercase letters as well as numbers and symbols, passwords that should be changed frequently, etc.
The problem is that using and remembering so many complex passwords for all of our online accounts is a difficult undertaking. Because of this, the majority of people unfortunately use very weak passwords and reuse them on different websites.
But how are you supposed to use strong, unique passwords on all the websites you use? The solution is to use a password manager.
Password managers store your login information for all the websites you use and help you log into them automatically. They encrypt your password database with a master password – the master password is the only one you have to remember. Combined with two-factor authentication (2FA), a password manager is an extremely effective and safe way to protect your online accounts.
Although these were large-scale attacks carried out by sophisticated hackers against big organizations, individuals and small business owners should not be lured into a false sense of security just because they are “small targets”.
We want you to have a safe and secure 2021. Please watch out for phishing emails and other social engineering attacks, and take the basic steps outlined above and update your software, employ an antivirus solution, and properly manage your passwords – you’ll be happy that you did.
If you’re concerned about your cyber security and need help with anything discussed in this article, feel free to contact me.
(This blog post has been updated from its original publish date of December 2016)