IT security experts know that when it comes to protecting yourself from emerging threats, it’s usually not the cybercriminals you need to worry about – it’s your friends and family on the inside, writes Joe Schembri in his article for RMN Digital.
Whether it’s by clicking on email attachments, punching holes in your virtual security walls to play the latest online game, or offering hackers free rein into your home network via USB thumb drives, your family and friends’ behavior could be the biggest threat to your IT security.
And while hackers were once content with creating disruptions, they are now making serious amounts of cash – so every security breach carries more risk for you. Plugging up the holes that become openings for hackers is essential – and it begins with educating yourself about phishing, malware and IT security.
Phishing, Spear-Phishing and Whaling Defined
Hackers use phishing scams to lure Internet surfers into revealing personal and financial information. Through spam emails that mimic legitimate financial institution correspondence, phishers have accessed millions of victims’ accounts. Phishing schemes increase during holidays, when users are shopping online.
Many expect emails from their bank or PayPal, so when they receive a phishing email asking them to update their username and password, they think nothing of doing it. And the hackers win. Again.
Where phishing is broad-based and random, spear-phishing is more focused, usually targeting a specific firm for access to confidential data – either for financial gain or trade secrets.
Spear-phishing emails appear to come from within the company or a trusted source, and often contain urgent messages. Some accuse recipients of spamming; others inform them they need to appear in court. Phony “evidence” or “subpoenas” are attached to the email; concerned recipients click on the attachment and unknowingly infect the system with malware.
A new method of spear-phishing uses Google alerts to infect computers with malware. Many companies, and even some people, track online activity involving their company or names through these alerts. Hackers have learned that publishing a phony article will generate an alert that users will usually click on – taking them to a malware-infected website.
Whaling is another form of phishing which specifically targets home networks. While the target is usually a high profile official, it can also happen to the average person. In the instance of targeting an official such as a corporate executive, hackers count on at least one manager having an unsecured home network, which will eventually connect with a company laptop – providing access to the corporate network.
Preventing Security Breaches through Education
The message is clear: “Do not click on email attachments unless you are 100% sure of their legitimacy. If in doubt, contact the actual company to confirm.” This small tip could save countless people from spending valuable resources fixing security breaches.
Additionally, here are seven critical IT security tips that work:
- Keep up with the latest scams and threats. It’s not enough to install antivirus programs; educate yourself on what’s going on with cybercrime today.
- Warn family and friends about the threat from USB thumb drives. Hackers know that many people think nothing of accepting a free USB drive as a giveaway and plugging it into their networked computer. So hackers load the drives with viruses, malware and keylogger software, pass them out at events, and then steal private information.
- Help spread the word by reminding friends and family not to leave laptops or tablets unattended in public. While they’re stretching their legs at the airport or waiting in line at a coffee shop, a data thief could plug in a thumb drive and infect the device.
- Install full malware protection: phishing filters, antivirus and antispyware can go a long way toward protecting personal data.
- Beef up security on all mobile devices – phones, laptops, tablets – that may contain personal information.
- Utilize appropriate software to prevent unauthorized devices, such as those with out-of-date antivirus software, from accessing your network.
- Read up on the latest IT security training information to keep the topic fresh in your mind.
Educating Yourself on IT Security is the Best Form of Prevention
While many of the attacks described here are highly sophisticated, they are not impossible to avoid. When people are educated about phishing, spear-phishing and whaling scams, they naturally become more suspicious when hackers target them. And when you keep up to date with the latest IT security trends and follow some of these simple tips, you’ll stay one step ahead of cybercriminals.
Joe Schembri lives in Tampa, Florida (USA) and has worked in IT for over 10 years. He currently has his CEH (certified ethical hacker) designation and is reviewing material for the CISSP (Certified Information Systems Security Professional) exam. He works with Villanova University’s online security training programs and for fun cleans viruses from family and friends’ computers.
This article is a part of our initiative: Tech-Wise Knowledge Center for SMBs.