By Daniel Moshe
Cybersecurity threats have the power to affect scores of people in numerous ways. Your operating system, email, and even the apps you use every day could be vulnerable, putting you at risk. Let’s take a closer look at how to maintain closer control of your data.
At Tech Guru, we do everything in our power to make our client’s devices as secure as possible. Awareness is a first step in ensuring you won’t be counted among a hacker’s victims. In order to do this, we want you to think like a hacker.
If you’re a hacker about to attack, what is your goal? You’re probably not trying to break into the Parent’s Only section of a 3rd grade classroom. No, you’re looking for some bigger rewards than a homework calendar for your trouble: destruction, prestige, or cash.
Hackers have to break the rules and gather information about you through various vulnerabilities, small and large. Check out the main entry points that result in your data loss and downtime.
Put a Patch on It
Safari, Mozilla, Chrome – these are all examples of a computer browser. The unfortunate aspect of having an unpatched browser is that infections can happen before you even click. You could be susceptible to malvertisements, where malware is incorporated into advertisements, or redirects that send you to a web page infected with malware.
The software that supports a computer’s basic functions, such as scheduling tasks, executing applications, and controlling peripherals is called the operating system. Just as risky is having an unpatched operating system. The virus could spread over a network of computers after doing its damage to yours.
We’ve all gotten those odd email links and attachments. It could look like a note from someone you haven’t heard from in a while who has you in her address book. A click on the provided link would take you to a compromised web page. Sometimes, an attachment in such an email can look innocent enough but actually run malware code.
You’ve received something that appears legitimate, but a download of the file might execute a malicious code to your computer. The same could be true of all those friendly looking applications you acquire with abandon. After authorizing the app to gain access to your email, contacts, and other data, the malevolent software takes advantage to proliferate itself.
Working for That Pay
What is the meaning of a payload in computer security? It’s the part of malware that performs the destructive action. It could be a worm or virus, and it proceeds to delete data, send spam, or encrypt data.
Payloads can enter through:
Keyloggers – A program that records every keystroke, usually in the order typed, to gain passwords
Backdoors – A program that allows unauthorized remote access to a PC
Ransomware – A type of software that blocks access to computer data until money is paid
Adware – Software that pops up advertisements and collects data from you with your consent
These sound pretty scary, especially because the links people click on look completely normal to their untrained eyes.
Real Life Examples
You may have heard about two recent attacks perpetrated on unsuspecting users – WannaCry and Google Docs Phishing.
The vicious ransomware called WannaCry spread worldwide through encrypted data on users of the Microsoft Windows operating system, and the hackers behind it demanded payment in Bitcoin cryptocurrency.
The attack occurred in May 2017 and attempted to spread through email and unpatched computers on shared networks. So far, 327 people have paid the requested ransom to retrieve their files! You can avoid WannaCry by not clicking on the link it presents to you.
Another attack from cybercriminals is called Google Docs Phishing. This one comes in the form of an email from someone you know, offering an invitation to “continue to Google Docs.” But the user is directed to a third party app that simply looks like Google Docs, and then gains access to your email and contacts.
If you’ve allowed access to the app accidentally, you can revoke future access through Google’s Connected Apps and Sites page, where the poisonous app will be called “Google Docs.”
What We’ve Seen
At Tech Guru, we find our clients are vulnerable to clicking on emails that appear to be from people they trust. These may contain links to malware or phishing sites. So if you only remember one thing from this article, we hope it’s this:
Think like a hacker and don’t click on email links that appear suspicious, either because they are advertisements or because they link to a Google Doc. If you’re unsure, err on the side of caution and contact the sender by phone to verify his request.
Cybersecurity is an ever evolving game of cat and mouse. As attackers become more sophisticated they will find new ways to reach our data, and we will find new ways to outsmart them. For now, here are the main ways you can protect your data:
- Employ antivirus software to prevent, detect, and remove malicious software.
- Use hard-drive encryption to encrypt your data so it can’t be read by anyone who doesn’t have the key or password.
- Use backup/drive synchronization to roll back to a previous time you backed up your data. If your drive were encrypted, you could recover your files from a time before the cyberattack instead of paying a ransom to get them back. You could also wipe your computer completely and start over with your backup files.
- Two-factor authentication is something we use at Tech Guru whenever possible. It prevents login on a device without confirmation of a password that is sent to your phone.
- Update your IoT devices and routers.
- Update your computer and apps on all platforms, including browser plugins such as Adobe reader and Flash Player.
- We can emphasize it enough: be wary of emails from people you know and trust. Their email accounts may be hijacked.
- Scrutinize the URLs of websites you click on. Look for misspellings in the domain name.
- Heed security warnings and SSL certificate warnings that tell you to stay away from a site.
And, of course, you can ask us! Tech Guru is always here for you if you’re unsure of how to proceed. Together, we’ll fight cybercriminals at every turn!
Dan Moshe helps business owners in the Minneapolis area with all things tech, and is the CEO of the Caring IT company Tech Guru. He cares about your business as much as you do!