Today we are launching a new blog series titled “30 Days to Better Security.” Our goal is to provide a series of articles over the course of the next 30 days that can help users become more educated about cybersecurity. Needless to say, cybersecurity is a concern not only for enterprises but also individuals, families, government and educational institutions.
While most enterprises use sophisticated security solutions to achieve a high level of protection, consumers and smaller organizations must also protect their devices, data, and identities from cybercrime. Understanding the different types of malware attacks and knowing how to spot and avoid them is a critical part of protecting your devices and data. In the first part of the series, we are going to get back to basics and provide you with information you need to better protect yourself from some of the most common types of malware, including ransomware, phishing scams, spyware, adware and more.
Know the Enemy
As simple as it may sound, one of the best ways to help protect yourself from cybercrime is to educate yourself about cybercriminals and the common types of attacks they use. With the exception of nation state actors and hacktivists, cybercriminals today are motivated by financial gain. Their attacks are generally designed to steal your personally identifiable information (PII), such as your date of birth and government identification numbers, and financial data such as credit card numbers and login credentials to online banking and investment sites. In this first post, we’ll review the most common types of modern malware attacks, along with the knowledge and practices that help you prevent and counter them.
- Malware: We thought it would be a good idea to start by providing a definition of malware as it is a term that is used a lot in cybersecurity. Malware is a broad term that simply means any software that is intended to disable or damage computers and computer systems, or transmit data from them to a third party without the owner’s knowledge. The term is short for malicious software and most of the attacks you hear about fall under the term malware.
- Phishing: A phishing attack uses emails and/or websites designed to look like they are from known entities and established brands to trick users into clicking on links that infect the device with malware or trick the user into entering credentials or other private and sensitive data.
- Spyware: Spyware is a stealthy type of malware designed to get onto a user’s system without their permission or knowledge. Once on the device the spyware takes control, allowing the fraudster to potentially see everything the user does in terms of websites visited, emails read, and applications used. Spyware can even take over your webcam and microphone, recording video and audio that can be uploaded back to the attacker’s servers.
- Adware: Adware is a type of malware that generally hijacks a user’s browser settings to present unwanted advertisements from which the attacker is able to make money. Adware is generally stealthy as the attacker would like for the adware to remain undetected on your PC as long as possible.
- Ransomware: As the word suggests, ransomware is malicious software that blocks the user’s access to their own system or data till a ransom is paid. These programs take advantage of a vulnerability in the system or the applications being used to steal passwords, identities and extract personal information.
Of course, there are many other subtypes of malware, some of which we will cover later in this blog series. In this post, however, we’ll focus on some simple but effective practices that can dramatically lower your chances of becoming the next cybercrime victim.
CyberDefense 101
We will go into more depth and detail about these attacks in future posts. In the meantime, here are 10 simple and sensible tips for protecting your devices and data from the most common attacks, and recovering from an attack if you do become infected.
- Keep up to date: Keep your system BIOS, operating system, applications, and web browsers up to date. Most reputable software companies provide regular or periodic updates to their products that not only add new features but also fix bugs and security vulnerabilities.
- Use your spam filter: Use your email program’s spam filter to prevent receiving unwanted or suspicious emails. Do not click on links or open suspicious-looking attachments – not only from unknown sources, but even from friends or brands, if the email does not look authentic or comes from an email address with a domain name that’s different from the company’s primary domain name.
- Use strong passwords: The average person generally has accounts on many websites and services, and managing these passwords can be challenging. Many users end up using weak, easy-to-remember passwords composed of common words, names, dates, etc. Strengthen your passwords by using a mix of small and capital letters, numbers and special characters, or by using a long, easy-to-remember phrase.
- Use a password manager: One way to take the burden out of passwords is to use a password manager. Password managers store all of your passwords (and other types of private information) in an encrypted vault and integrate with your browsers and applications to make logging in simple by using one master password. Password managers can also automatically generate strong passwords for you when you are creating an account or updating your password on a website taking the
- Social media: The privacy practices of social media firms have been in the news recently. It’s a good idea to periodically review the privacy settings for your Facebook, Twitter, LinkedIn, and other social media accounts and make adjustments as needed. Don’t allow your private personal information to be displayed to your social connections or the general public.
- Backup often: The best insurance policy against data loss is frequent and automated backups. There are many data backup programs available, and K7 Ultimate Security includes a data backup feature as well. The key is to automate your backup routine so that you don’t have to think about it and have a backup when you need it.
- Watch where you go: On the Internet it’s very easy to stray onto a malicious website. It may look like a well-known brand’s website but, upon close inspection, the spelling may be slightly different – or perhaps there’s a small difference in the look of the site. Modern web browsers have safety features that can block or warn you if you end up clicking to a malicious site. Overall, stay observant.
- Encrypted websites: When buying online, make sure the website is SSL (secure sockets layer) encrypted. The URL should start with https: instead of http: and there should be a lock icon displayed next to the URL.
- Keep your private data private: Be careful with what you reveal online. Never share online financial account information, passwords, etc. via email or social media accounts – even with friends and relatives.
- Protect yourself: While all of these recommendations will help reduce your risk, the reality is you can still become infected with malware. A reputable and certified security solution like K7 Total Security is the best way to reduce your risk and protect your devices and data. And of course make sure your security software is set to update automatically to ensure you always have the best protection available.
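The checks from the spam-filter, “watch where you go” and encrypted-website tips can be automated. The following is an added example, not part of the original post: it flags links or sender addresses whose domain is a near-miss of a site you trust, embeds a trusted name inside another domain, or is served over plain http. The allow-list, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list for illustration: the sites you actually do business with.
TRUSTED_DOMAINS = {"example-bank.com", "example-shop.com"}


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(value):
    """Host of a URL, or the domain part of an email address, lower-cased."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip().lower()


def check(value, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return warnings for a link or sender address; an empty list means no findings."""
    findings = []
    if value.lower().startswith("http://"):
        findings.append("not-https")  # the page is not encrypted in transit
    host = host_of(value)
    if any(host == d or host.endswith("." + d) for d in trusted):
        return findings  # the trusted domain itself, or one of its subdomains
    near = []
    for d in sorted(trusted):
        if d in host:
            near.append("embeds:" + d)  # trusted name used as a decoy inside another domain
        elif edit_distance(host, d) <= max_distance:
            near.append("lookalike:" + d)  # one or two characters off the real name
    return findings + (near or ["unknown-domain"])


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["https://www.example-bank.com/login",
                   "https://examp1e-bank.com/login",
                   "billing@example-bank.com.account-verify.example"]:
        print(sample, "->", check(sample))
```

An empty result only means the domain matches your allow-list over https; it says nothing about whether the site itself has been compromised.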
In part two of this series we’ll be doing more of a deep dive on the subject of ransomware and how to avoid becoming a victim.