To protect your company, rethink what you reveal on social media, as it is all fodder for social engineers. Develop policies for handling sensitive requests like password resets over the phone. Have a security audit done.

Cybersecurity

Len Calderone for | HomeToys

 

We are just touching the tip of the iceberg in terms of what individuals, companies and government agencies are at the most risk from cyber intrusion. They just don’t have the resources to monitor the massive quantity of intrusions that are going on. In the eighties, if there was a bank robbery, the number of suspects was limited to those in the immediate vicinity at the time of the robbery. Now, bank robbers don't need a mask and a gun. They just need a computer and an Internet connection. This could add up to billions of suspects. Instead of robbing a bank of thousands of dollars, a thief can steal millions by appropriating the bank's customers' personal information.

Today, hackers can steal the credit card information from just about any retail or credit card company, or they can penetrate a company's defenses and rip-off personnel information on the company's employees. These hackers could be organized criminal gangs, working anywhere in the world, who steal financial information; or they could be state-affiliated spies in China, who are pilfering volumes of intellectual property; or they could be saboteurs in Iran or in North Korea, who are trying to disrupt or destroy our critical infrastructure.

Some major U.S. banks suffered “distributed denial of service” (DDoS) attacks, in which botnets, known as RATs, directed high volumes of traffic to the banks’ Web sites, causing them to run slowly or to crash altogether.

Social networks make it much easier for hackers to impersonate your friends. You could receive an email, which on the surface, appears to be from a friend. The email has an attachment, which when you open it, you install malware. Now you have a RAT in your machine, which can capture your passwords, credit-card numbers, and banking information, and can turn on your computer’s microphone and camera. (You might want to be dressed when in front of your computer.) RATs also work on smartphones, turning them into ideal spying and tracking devices.

Hackers can use botnets not only to access and modify your personal information, but to attack other computers, and commit other crimes, while remaining undetected. By using multiple computers, attackers increase the range and impact of their crimes. Because each computer in a botnet can be programmed to execute the same command, an attacker can have each of them scanning multiple computers for vulnerabilities, monitoring online activity, or collecting the information.

If a hacker is using your computer in a botnet, you may not know it. If you discover that you are a victim, it is not easy for the average user to reverse the damage. The hacker might have modified files on your computer—so simply removing the malicious files may not solve the problem. You might need the assistance of an experienced system administrator.

An individual can do things to help secure their computer, such as adding good anti-virus software. Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage. Install a firewall. Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer. Some operating systems and security programs include a firewall. Be sure to enable it.  

Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices. I personally have over 75 passwords. I have a separate password for every site that I have to log onto. Do not choose options that allow your computer to remember your passwords.

You should also keep your software programs up-to-date so that hackers can't attack vulnerable programs that have known problems. Enable any automatic updates offered by the operating system. Most of us are very trusting when opening emails. If you don't know the sender, don't open it. If the wording looks strange, even if the email appears to be from someone you know, don't open it. Reading the contents of an email should be safe if you have the latest security patches, but email attachments can be harmful. Any type of file can be attached to an email, including .exe program files.

The easiest way to identify whether a file is dangerous is by its file extension, which tells the type of file it is. For example, a file with the .exe file extension is a Windows program and should not be opened. Other potentially dangerous file extensions that can run code include: .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .cpl, .jar and more. 

Even if you own a small company, don't think that someone won't attempt to hack your system. You might have detailed customer records, proposals, personnel files or R&D plans.  Start safeguarding your company with password protection. With a $300 graphics card, a hacker can run 420 billion simple, lowercase, eight-character password combinations a minute.

Choose a password that doesn't contain a readable word. Mix upper and lower case letters. Use a number or symbol in the middle of the word, not on the end. Don't just use 1 or !, and don't use symbols as replacements for letters, such as @for a lowercase A, as password-guessing software can see through that trick. And of course, create unique passwords for your different sites. 80% of all cyber-attacks are due to a poor password.

Aim for at least 20 characters and preferably gibberish, not real words

Malware Attacks have increase 8% since 2012 with an average loss of $92,000 to businesses. To avoid this loss, run robust malware-detection software like Norton Toolbar. Keep existing software updated and use an iPhone--Android phones are targeted more than any other mobile OS.

Phishing Emails are bogus but official-looking emails, which prompt you to enter your password or click links to infected websites. Phishers steal over $1 billion from small businesses every year. Don’t automatically click on links in emails to external sites--retype the URL in your browser.

Of the last 20 major attacks on corporations, 12 involved social engineering --that’s over 70 percent. It’s easy to spoof any email address. A hacker can go online and create 500 email addresses in an afternoon. S/he can be anyone on the internet from a child to a senior. Why spend days trying to hack software when s/he can look at a social network profile and learn everything about a person?

True story—A hacking group used a person's social media profile to create a document on that person that included everything from his kids’ names and his anniversary to his hobbies and interests outside of work. They called his company, impersonating this guy, to supposedly reset a forgotten password. When the rep asked the standard security questions, the social engineer knew so much about this guy that he knew all the answers. So the company reset the password, the social engineer was in, and proceeded to download 1.1 gigabytes of credit card numbers and erased all of their databases. 

To protect your company, rethink what you reveal on social media, as it is all fodder for social engineers. Develop policies for handling sensitive requests like password resets over the phone. Have a security audit done.

Ransomware is a way that hackers hold your website hostage, often posting embarrassing content like porn, until the company pays a ransom. $5 million is extorted each year. As with malware, don’t click on suspicious links or unknown websites, and regularly back up your data. Use software, such as Kaspersky Internet Security, that specifically checks for new abuses.

We live in a world where we use computers and smart phones every day. Therefore, we must be ever vigilant to protect our personal and business information. It is a lot easier to protect it than to try to reverse the damage after the fact.

 

 

For additional information:

Len Calderone - Contributing Editor

Len contributes to this publication on a regular basis. Past articles can be found with an Article Search and his profile on our Associates Page

He also writes short stores that always have a surprise ending. These can be found at http://www.smashwords.com/profile/view/Megalen

 

Len Calderone

Comments (0)

This post does not have any comments. Be the first to leave a comment below.


Post A Comment

You must be logged in before you can post a comment. Login now.

Featured Product

MIDLITE®'s SPEEDPORT Universal Cable Pass Thru, Fastening & Anchor System

MIDLITE®'s SPEEDPORT Universal Cable Pass Thru, Fastening & Anchor System

Use for any Low Voltage Cabling, A/V, Telecom, Data, Networking Ideal for : Sound Bars & Wall Speakers • Home Theater Cabling • A/V Furniture The SPEEDPORT™ is incredibly versatile and is ideal for wall mounted box speakers, sound bars and wireless access devices mounted in ceilings. It can accommodate almost any device needed to be hung on a wall or ceiling with cable pass thru and mounting. The ultra low profile design features a rubber grommet insert for bulk cable pass thru. Two mounting screws are hidden behind the grommet and offer a clean, unobtrusive presentation. Installation is quick & simple using a hole saw and attaches to acoustical ceiling tiles and/or gypsum board. Reducing labor and a whole lot of mess from hand cutting large rectangular holes - Low voltage brackets are no longer needed. Just cut your hole in the desired location, insert SPEEDPORT™ and tighten adjustable mounting arms to fasten securely.