Dealing With Common Cybersecurity Threats
Employees are often cited as the biggest cybersecurity risk, usually due to lack of awareness. It follows that the best way to guard against cyber attacks is to know common threats and how to deal with them. A recent post on the Open Access Government website (https://www.openaccessgovernment.org/employees-cyber-security-risk/57043/) does just that. Here is their list of threats and defenses:
Phishing: According to Symantec 71% of targeted attacks start with phishing scams. Know the telltale signs: not being addressed by name, typos or spelling errors, suspicious email addresses, offers “too good to be true” (they usually are). Do not open links or attachments if not from a trusted source. If in doubt, call the sender or inform your security administrator.
Using unsecured networks: Unencrypted data could be accessed by criminals. Viruses and malware can enter the network leading to denial of service attacks. Symantec has seen an 8500% increase in coin miner malware recently. Using a virtual private network (VPN) will encrypt data and protect users.
Storing sensitive data: Avoid storing protected information on portable devices or taking printouts off-site. Staff must be trained on approved access to personal data, storage and destruction or deletion when no longer needed. Strong passwords are needed for logins and sensitive documents.
Illegitimate apps and programs: They probably contain malware. They can steal data, leak mobile numbers and infect other network devices. Only download apps from official stores and research before installing.
Failure to update software: Updates and upgrades improve security. Hackers and threats are constantly evolving; updates help keep security current.
The Internet of Things: Attacks increased by 600% in 2017 according to Symantec. When mobile devices are connected to a network, a virus can contaminate the entire network. Employees should be trained on which Wi-Fi networks are suitable for downloading apps. A private network for IoT devices is recommended. Devices should have a secure password and be disconnected from the Internet unless needed. Use a strong firewall and firmware protection.