Computers, smartphones, tablets, and smartwatches have changed our day-to-day activities. We trust them with our personal information, our agendas, and even our health data. According to Accenture, computer security threats will cost businesses $5.2 trillion within 5 years*. This is why we would like to celebrate Computer Security Day by raising awareness of the threats we may encounter and encouraging you to stay alert and keep your information as safe as possible.
Some of the most common threats include human behavior/error, ransomware, phishing, malware, and distributed denial of service (DDoS). We will explain each one of them and share some tips to avoid becoming a victim of these cybercrimes.
Human behavior/error is by far the most frequent enabler of cybersecurity breaches, and therefore the weakest point for criminals to exploit. How can you encourage your team to prevent it?
Start by increasing cybersecurity awareness in your company with webinars, newsletters, or internal campaigns. Then we encourage you to enforce cybersecurity policies across your company.
Another important practice is to train your collaborators on how to prevent the cybersecurity threats that target them, for example: malicious links distributed through emails (called phishing and described below), poorly guarded usernames and passwords, malware gaining access through personal devices, social media malware, data security on personal and company devices and/or backups, updates, and restore policies. Remember to implement an Incident Response program so that a dedicated team can help you and your collaborators stop the attack.
Ransomware locks you out of your own systems, encrypts all data, and demands a payment to recover it. Attackers are non-targeted and non-discriminatory; they affect a whole range of companies and are the main cause of insurance claims.
To prevent a ransomware attack, we recommend that you back up your data, avoid clicking on unverified links, avoid opening untrusted email attachments, download data from company-approved sites only, avoid giving out personal information to an untrusted source, and use mail server content scanning and filtering.
It is also of great importance to keep software and operating systems up to date, use a VPN when using public Wi-Fi, and use security software such as an antivirus and keep it updated. In case of an attack, isolate the compromised computers so they don't infect others on your network. DO NOT pay the ransom; use a ransomware decryptor or restore data from a backup. If the attackers threaten to leak sensitive information, contact your local security department.
Phishing targets human weakness through deception and social engineering. The hacker takes the form of a trusted person, business, or website in order to deceive the target into handing over passwords and sensitive information.
You may already practice most of these tips, but it never hurts to double-check some good practices. To avoid becoming a victim of phishing, avoid clicking on unverified links, do not give out personal information to an untrusted source, and remember to use mail server content scanning and filtering.
Be sure to check the email address of incoming emails requesting information, payments, or requiring you to sign in to a service to check something. Always check the URL of the website where you are entering your information, or check the URL with a site like NameCheck. Phishing sites normally take on names similar to what they are targeting, e.g. Facceboook.com instead of Facebook.com.
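The URL check described above can be automated on a mail gateway or in a reporting tool. The following Python sketch is an added example, not part of the original article: it compares a link's hostname against a list of domains you actually use and flags near-misses such as Facceboook.com. The `TRUSTED` list, the distance threshold, and the function names are assumptions for illustration; the check for a trusted name placed in front of another domain goes slightly beyond the misspelling case in the text.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains the organisation really uses.
TRUSTED = {"facebook.com", "example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def host_of(url):
    """Lower-cased hostname of a URL or bare domain, without 'www.'."""
    if "//" not in url:
        url = "//" + url            # let urlsplit treat it as a host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(url, max_distance=2):
    """Return (verdict, matched_domain) for a link found in an email."""
    host = host_of(url)
    if not host:
        return ("unknown", None)
    for domain in TRUSTED:
        # Exact match or a genuine subdomain of a trusted domain.
        if host == domain or host.endswith("." + domain):
            return ("trusted", domain)
    for domain in sorted(TRUSTED):
        # Small misspelling of a trusted name, e.g. doubled letters.
        if edit_distance(host, domain) <= max_distance:
            return ("lookalike", domain)
        # Trusted name used as a prefix of an unrelated domain.
        if host.startswith(domain + "."):
            return ("lookalike", domain)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links.
    for link in ["http://Facceboook.com/login", "https://www.facebook.com/",
                 "https://facebook.com.login-check.example/"]:
        print(link, classify(link))
```

A "lookalike" verdict is a reason to quarantine the message or warn the user; an "unknown" verdict only means the domain is not on your list, not that it is safe.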
If you find something suspicious, immediately delete any suspicious email and report it to the cybersecurity team in your company. It is highly encouraged to change your passwords according to the sensitivity of your accounts, use strong passwords, and never share them. Use different passwords for different accounts. Last but not least, make sure to use multi-factor authentication.
Malware attacks come in the form of spyware, worms, viruses, and other programs designed to gather information and transmit it back to the hacker; some can even replicate themselves in your system and inject malicious code capable of many things.
To avoid your information being compromised, be sure to install antivirus software and keep it up to date. Run regularly scheduled scans with your antivirus software. Keep your operating system up to date. Secure your network with a strong password (WPA2) and MAC filter, and avoid using public open Wi-Fi networks.
DDoS is a malicious attempt to disrupt the traffic of a targeted server, service, or network by overwhelming it with a flood of Internet traffic.
Some good practices you can follow are securing your network infrastructure (VPNs, firewalls, anti-spam, content filtering, load balancing, etc.), keeping a strong network architecture and redundancy, and following best practices.
Many companies have developed a denial of service response plan, which should include: a systems checklist, a dedicated response team, emergency contacts in case of an attack, and an effective and transparent communication strategy with clients.
Let's recap the recommended security policies
Now that you have all this information fresh in your mind, and if you consider it of value, we encourage you to share it with your colleagues, family, and friends so that best practices to protect our data are taken into consideration.