Cybersecurity

October: National Cyber Security Awareness Month

October is National Cyber Security Awareness Month.  This annual campaign, which began in 2003 as a collaborative effort between government and industry, was created to raise awareness about the importance of cyber security.

Whether we realize it or not, the Internet today touches almost every aspect of our daily lives. National Cyber Security Awareness Month (NCSAM) serves to engage and educate both the private and public sectors, through events and initiatives, about the importance of cyber security. Through tools and resources, NCSAM aims to increase awareness of safe online practices and the resiliency of our nation in the event of a cyber incident.

With recent legislation and support from the White House, there is an even stronger focus on consumers and their cyber safety. Consequently, this month also marks the 7th anniversary of the STOP. THINK. CONNECT. campaign.  Each year, NCSAM highlights the overall message and capstones of this campaign – Keep a Clean Machine, Protect Your Personal Information, Connect with Care, Be Web Wise, Be a Good Online Citizen, Own Your Online Presence and Lock Down Your Login – and offers the following tips to stay safe online.

Watch for Malicious Email/Spear Phishing

A malicious email can be disguised, looking just like it comes from a financial institution, an e-commerce site, a government agency or any business. It typically urges you to act quickly, often by supplying a link in the email, because one of your accounts has been compromised or your online order cannot be fulfilled without additional information or some other urgent matter requiring your immediate attention.

Spear phishing involves highly specialized attacks against specific targets or small groups to collect information or gain access to data systems. Once the attackers have gained access to the network (e.g. a business’s list of customers), they can launch a phishing attack, posing as the business and sending emails to its customers that look authentic.

If you are unsure whether an email is legitimate, try verifying it by contacting the company directly and/or searching for the company online. But be sure not to use the information provided in the questionable email when you do this.

Protect Yourself When Shopping Online

From the convenience of making purchases with the click of a mouse and next-day delivery to great deals on an endless catalogue of items, online shopping continues to grow in popularity. This convenience, however, also makes it lucrative for scammers to trick buyers into paying for merchandise they will never receive and to obtain buyers’ personal information for their own financial gain.

Take the following safety precautions when shopping online:

  1. When purchasing items from a new website, read the customer reviews.
  2. When making purchases online, be alert to the kinds of information being collected to complete your transaction.
  3. Use safe payment options. Credit cards are usually the safest option when making purchases online. Credit card companies allow buyers to receive a credit if the product isn’t delivered or isn’t what was ordered.
  4. Always read the return policies to know what to expect if your purchase experience doesn’t go as planned.
  5. When shopping online, make sure the site is security enabled.

In addition to the safety precautions mentioned above, limit the type of business you conduct over open public Wi-Fi connections, including logging into accounts like email and banking, and adjust the security settings on your phone or tablet to limit who can access them.

Keep Security Software Current 

Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats. In addition to computers, your smartphones, gaming systems and other web-enabled devices also need protection.

Use Unique Passwords 

The best passwords are the random ones…the ones that are the most difficult for you to remember and the cyber criminal to crack. So, mix it up – use variations on capitalization, spelling, numbers and punctuation. Avoid using names, places and dictionary words and never reuse the same password.

With this said, don’t leave notes with your passwords on your computer or your desk. If you choose to save passwords in a file on your computer, create a name for the file that won’t give it away. If you have a difficult time remembering multiple, unique passwords, use a trusted password manager. Be sure to check out the reviews and reputation of the service.

Data Backup 

Today, our digital devices house vast amounts of our important and cherished data. While very convenient, storing all this on a computer or mobile device comes with the risk of the data being lost. Data can be lost in many ways, including computer malfunctions, theft, viruses, spyware, accidental deletion and even natural causes.

So, it’s important to back up your files – make copies of your data, select the hardware or method of storage and safely store the device that holds your copied files – on a regular basis.

 

Ransomware – A Rising Cyber Threat

The ransom business is booming. However, today’s threat doesn’t come in the form of a note composed of letters clipped out of a newspaper. It’s a new spin on the ransom note where criminals unleash an attack on your PC and its data through malicious software called ransomware.

What is ransomware?

Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay these data kidnappers a ransom. This digital extortion is not new – it’s been around since about 2005. But the ransom cryptware that encrypts your files using a private key, which only the attacker possesses, has greatly improved.

Is ransomware on the rise?

Ransomware has come a long way since it first showed up in Russia and other parts of Eastern Europe. The growth in digital payment methods, particularly Bitcoin, the most popular method for demanding ransom because it prevents extortionists from being tracked, has greatly contributed to ransomware’s spread.

The FBI recently issued an alert, which included ransomware and fake antivirus scareware scams. The FBI estimates that criminals are netting $150 million a year through these scams. However, according to identity theft experts, ransomware is far scarier than the scareware scams because when an attack occurs, it can easily escalate from a potential data loss to potential identity theft to a data breach in the form of extortion.

How does ransomware work?

Similar to scareware, this digital assault begins by duping its victim, either by persuading him/her to click on an infected popup advertisement or by taking him/her to an infected website. But instead of trying to trick their victim into buying fake antivirus software, these criminals hold their victim’s computer hostage and attempt to extort a payment to return his/her data. Very often the ransomware attacker puts pressure on the victim, stating that his/her data will be destroyed in a specified time period if the ransom is not paid.

Often, the criminals only ask for a nominal payment, figuring that the victim will more likely pay to avoid the hassles and heartache (e.g. losing irreplaceable pictures) of dealing with the virus. Yet, when multiplied by thousands, this nominal payment quickly turns into a healthy income for these aggressive attackers.

Ransomware doesn’t just affect desktops or laptops; it also targets mobile phones. In 2015, masquerading as a porn app, ransomware targeted Android users and allowed attackers to lock up the victim’s phone while demanding a $500 ransom to regain access.

Today, individuals, businesses, government agencies, academic institutions and even law enforcement agents have been victims. This vicious malware can infect a victim’s digital device via a malicious email or website, or even infect someone’s computer directly via a backdoor.

These types of attacks can have a devastating impact, from losing precious personal data to shutting down hospital services in the middle of emergency procedures. That’s why it’s so important to prevent ransomware attacks from happening in the first place.

How to avoid these ransomware attacks?

1.  Use reputable antivirus software and a firewall. Maintaining a strong firewall and up-to-date antivirus software is critical to preventing a ransomware attack. It is equally important that the antivirus software come from a reputable company, because of all the fake antivirus software out there.
2.  Back up often. By backing up files to an external hard drive or an online backup service, the threat of a ransomware attack is greatly diminished.
3.  Enable the popup blocker. Popups are the prime tactic used by digital criminals. If a popup appears, click on the “X” in the right-hand corner.
4.  Always exercise caution. Don’t click on links in emails and avoid suspicious websites.
5.  If attacked, immediately disconnect from the Internet. Disconnect from the Internet to keep your personal data from being transmitted back to the criminals. Simply shut down your computer and start fresh – re-installing software and downloading backed-up data. If you’re wary about doing this, take your computer to a reputable computer repair shop.
6.  Alert authorities. If you are the victim of ransomware, don’t be tempted to give in and pay the ransom. Ransomware is a serious form of extortion…crime…and your local FBI will want to know about it.

As these cyber criminals become more and more savvy…and potentially threatening, the best offense is still a good defense. Taking precautions to protect your information and continually being alert are the best solutions to avoid becoming a ransomware victim in the first place.