It is an unfortunate fact, but cybersecurity is now a serious consideration for every company. Gone are the days when security was something that happened to someone else. Now, security awareness is as much a part of the company culture as the coffee break.
Why is this so?
Well, the massive increase in cyber-attacks in the last 5-10 years is one reason. The number of malware variants, the malicious software behind infections like ransomware, just keeps on rising. We must now ensure that employees are taught security awareness and how to guard against being exploited by cybercrime.
But this awareness of security issues is also a result of the changing ways in which the cybercriminal operates. The old ‘hacker’ image has been replaced by the sophisticated trickster who understands human behavior. Social engineering is the cyber tool of the century.
And then there is the mass availability of malware. Malware-as-a-Service means that anyone can get their hands on malware and use it to make money. Cybercriminals are making cybercrime into big business, and the cost is our business, our clients, our personal information, and our jobs.
The end result is that many companies are staring down the barrel of cybercrime. But the fightback has begun in earnest. We can beat the cybercriminal at their own game by understanding what they do and how they do it. Security awareness training has entered the ring, giving us the upper hand in the defense against cybercrime.
Being security aware is not just about knowing what a phishing email looks like, although this is part of it. Security awareness covers literally every aspect of working life and includes home life too – especially if you work remotely or whilst travelling.
What is Malware?
“Malware” is short for “malicious software”. Malware is software code or computer programs designed to infiltrate and damage computers without the user’s consent. “Malware” is the general term covering all the different types of threats to your computer safety, such as viruses, spyware, worms, trojans, rootkits, and so on.
Cybercriminals will place malware in sites and/or files the user believes to be completely legitimate. When you download an mp3, video file, or any other file or software from suspicious sites, malware can be downloaded onto your PC completely without your knowledge. Sometimes just going to an infected site is enough to become compromised. Similarly, malware can get onto your PC if you click on links in suspicious emails sent from unknown email addresses. Sometimes the email may even look like it is from someone you know or a legitimate source; this is called spoofing. The cybercriminal will attempt to deceive you into believing the email is legitimate and have you click on a link or attachment that is in fact malicious and designed to exploit your system and files.
So How Do We Protect Ourselves from Malware?
Think Before You Click
This is probably one of the most important things to remember to safeguard against cybercrime. Avoid websites that appear shady, have numerous pop-ups, or provide pirated material. Do not open an email attachment from a person or a company that you do not know. Do not click on a link in an unsolicited email. Always hover over a link (especially one with a URL shortener) before you click to see where the link is really taking you. If you have to download a file from the Internet, an email, an FTP site, a file-sharing service, etc., have Helpdesk scan it before you run it. Good anti-virus software will do that automatically, but make sure it is being done.
Keep Your Personal Information Safe
This is likely the most difficult thing to do on the Internet. Many hackers will access your files not by brute force, but through social engineering. They will get enough of your information to gain access to your online accounts and will glean more of your personal data. They will continue from account to account until they have enough of your info that they can access your banking data or just steal your identity altogether. Be cautious on message boards and social media. Lock down all of your privacy settings, and avoid using your real name or identity on discussion boards.
Never Use Open Wi-Fi
When you are at the local coffee shop, library, and especially the airport, don’t use the “free” open (non-password, non-encrypted) Wi-Fi. Think about it. If you can access it with no issues, what can a trained malicious cybercriminal do? Cybercriminals will hang out in these locations and wait for someone to log on. You will not even know someone has accessed your system until days or weeks later when your files and passwords have already been compromised.
Use Multiple Strong Passwords
Never use the same password for multiple accounts. Typically, we use the same email address or username for all of our accounts. Those are easy to see and steal. If you use the same password for everything, or on many things, and it is discovered, then it takes only seconds to hack all of your accounts. Use a strong password. Use lower case, upper case, numbers, and symbols in your password. Do not use dates or pet names. Never write your credentials down and leave them where someone else can see or find them. Your passwords should be easy for you to remember but difficult for someone else to guess.
As always, thanks for reading and stay safe!