Imagine being locked out of your home … or imagine all your possessions being stolen. We spend time, effort and resources to protect ourselves from physical crime, but we fail to dedicate the same to the insidious invisible assault: computer-based, or ‘cyber’ crime.
CYBER SECURITY – Are you secure?
There’s a good reason ‘Cyber Security’ has become a common phrase. Ireland is actively targeted by waves of cyber attacks that are growing in frequency and sophistication.
A friend recently admitted to me that distressed clients regularly call him when their firms become victims of dreaded ‘Ransomware’ attacks, while a recent survey revealed that half of Irish businesses did not believe they needed to protect their business against cyber crime.
Small and medium enterprises (SMEs) are just as likely to be hacked as larger firms. Unfortunately, SMEs do not tend to have the resources – time or knowledge – to effectively counter the threat.
‘Ransomware’ has become a huge issue. Through clever manipulation of staff and/or systems, criminals get a program onto your home or business computer, and then encrypt or lock away your personal files, preventing you from accessing your own data.
They then demand money to restore your own data – with the threat of permanent deletion if you don’t pay up. Shockingly, these are professionally-run organisations with actual call centres and working staff. Though the ransoms demanded are generally modest (around €400 – €1000, but can run higher), it is a form of extortion that exploits the vulnerable.
Like the highwaymen of yore, it’s a simple choice of your money or your files. The latest figures indicate that up to 23% of Irish organisations have already been held to ransom in this way.
There are many different types of attacks, some more malicious than others, and not all of them are as obvious as Ransomware. Here are a few examples:
1. Malware
A malicious program, also known as Spyware. When installed on your computer, its effects can range from slowing it down or making it appear unstable to quietly stealing your information – your credit card details, personal information, account numbers and photographs are all vulnerable.
Malware tends to be included with innocent software packages or offered as a useful program, without telling you of its sinister goals.
2. Viruses
Like a real-life virus, this is a computer program that can spread. It can have many intended purposes, from theft to completely corrupting data on a computer, and moves from machine to machine through networks, USB sticks, CDs and DVDs and other forms of removable media.
3. Password Attacks
How many passwords do you use? Are they all the same? Are they easy to guess? I imagine it unlikely that you would give a total stranger the keys to your home. If they get in, they can ransack the place or steal your possessions. An insecure, easy-to-guess password – or one that you use for everything – is a master key to your online data. Anyone with this password key can do whatsoever they wish with your data and your services.
For example, compromised email accounts are regularly used to send spam to the user’s contact list, often with viruses and malware attached. Do you honestly want to be the one to cause problems for your friends, family and work colleagues?
4. DDoS Attacks
One of the more large-scale issues with online systems, a ‘Distributed Denial of Service’ attack affects systems in two ways.
On the simpler level, a mass attack can prevent the public from accessing a company’s website or sales system, losing them sales. A more complex attack tries to expose a small hole in a company’s security system by overloading a single website or server, and then goes after an even bigger hole while the company is trying to fix the small one.
This allows hackers to get into database records and clients’ private personal information, which they monetise by selling to others. Vast lists of stolen credit card information are freely available online if you know where to look!
A small company that has the facility to take card information for online sales could, in theory, be in grave danger of exploitation unless they invest time, effort and resources into an effective security system.
Not all pop-up messages on your computer are what they appear to be. Pop-ups claiming to be warning messages from your anti-virus software, for example, are becoming increasingly common and attempt to persuade users to download and install a program to ‘fix’ a problem.
We actively recommend that employees should never have permission to install any unapproved program on a company device – ever.
6. Software Updates (lack of …)
If you are still using Windows XP – SHAME ON YOU! There is no support for this operating system anymore. This simply means that the hacks and vulnerabilities that are exploited by the cyber criminal cannot – and will not – be repaired by Microsoft.
After all, this is an operating system that was replaced over a decade ago! Windows 7, still extremely popular, will similarly lose support by January 2020. The same is true of Mac users with OS X versions with the name of a big cat. But software updates are not only important at the operating system level – all programs need to be regularly updated to ensure they are secure, effective and protect you and your valuable data.
This is especially important for your security software: you must, must, MUST keep that fresh. If you use a free anti-virus package like Avast or AVG, remember to do regular scans and updates too.
Businesses generally should avoid free versions of security software, as the free packages tend to require the user to manually perform actions that keep everything up to date. Employees often fail to do this as it is often a distraction from their actual work.
7. Wi-Fi Networks
Please keep your Wi-Fi private and secure. A badly secured Wi-Fi can be accessed from outside your premises or home, allowing those that want to cause mischief to gain access to the network, whereupon they can read files, alter data, damage software or even spread their viruses and malware.
8. Phishing Scams
Ever get an email saying you won a pile of money in a lottery? The old adage applies here – if it sounds too good to be true it usually is too good to be true!
Most of these email scams are unsophisticated and simple, though they still claim victims. More impressive scams are becoming common, where a message that appears genuine and correct is sent to you from a company or financial institution, advising you to change your password or to let them know what your password is.
Be most cautious – ask yourself why a company or organisation that needs your password when you log in would ask you for that very same password in an email. When in doubt, do not click on any link included in the email, and when going to the organisation’s login page, visit it through your browser, not through the email.
These are some of the most common cyber attacks. It is very difficult in a business environment to ensure complete security as many SMEs do not have the resources or skilled personnel to protect against them entirely. Our article next week will deal with how a business might go about protecting itself and preventing a cyber attack from ever taking place.