Did You Know:
- Social networks are a valuable tool but open up significant security risks
- If you travel with a laptop, extra care and controls are required.
- Phishing and other social engineering tricks can (and do) fool even the smartest people
BWS Technologies can assist you with managing and eliminating any of these threats below.
Contact us now!
Web surfing and social networking – It’s the World WILD Web out there
The web is a cybercriminal’s dream come true. It’s instantaneous. It’s anonymous. And it’s very, very easy to fool people. A website that looks at first glance to be your bank’s website can easily be a clever forgery. And that video-viewing download you’re being offered? Chances are you don’t need it – and you certainly don’t need the spyware that may well be hidden behind a realistic-sounding application name.
Email and Spam - Oldies But Still Baddies
For many years, the virus writers’ distribution method of choice was email attachments. Although still a popular method of attack, e-mail is a far less effective way to fool people into opening things they shouldn’t.
In addition to installing a reputable security solution and keeping it updated, educating yourself on responsible email behavior is fundamental to email security efforts. One important reminder comes from US government agency US-CERT. "Many viruses can "spoof" the return address [in an email], making it look like the message came from someone else. If you recognize the return address but weren’t expecting the message, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments" the organization advises.
Instant Messaging (IM) - Chatting Your Way to Trouble
While not yet as ubiquitous as email, instant messaging is gaining momentum as a communications tool, and carries many of the same risks as email, as well as some unique to the IM environment. Viruses and other malware can be hidden in files sent over IM. Links embedded in messages can lead to infected websites. IM even has its own version of spam, sometimes called SpIM – Spam over Instant Messaging. Users should also be made aware that "Some IM services link your screen name to your e-mail address when you register. The easy availability of your e-mail address can result in an increased number of spam and phishing attacks, " warns Microsoft. So users should take care when they register for an IM account that they don’t inadvertently advertise their email address.
Insider threats - Know Your Enemy, You Might Be Them
While you are right to be concerned about shadowy cyber-criminals, you have the potential to cause just as much havoc. By some accounts, the damage caused by accidental or deliberate data misuse is actually greater than that posed by remote hackers.
While education goes a long way towards controlling accidental internal security breaches, stopping yourself from introducing destructive malware is more challenging.
Public Wifi - just because it is open doesn't mean it is secure
Do you have any idea how your laptop is being protected while connected to an open network? You’re opening the door to significant risk if you don’t take the appropriate protective measures.
You need to be extra protective when connecting to a wireless network you know nothing about, this goes a long way towards ensuring those machines don’t bring any unwanted ‘gifts’ with them when they reconnect to your network.
USB Sticks – Plug’n’Play Malware
USB sticks, thumb drives, memory sticks – whatever you call them, are as just as useful to the bad guys as they are to us. While they're physically tiny, they can hold several gigabytes of data.
Recent examples of falling victim to USB-stick-driven security breaches include Greater Manchester Police in the UK, where computer systems were down for several days after a USB stick containing the Conficker Worm was plugged into a computer connected to the network. Fortunately, removable devices can be automatically checked using antivirus software or users can choose to run a manual scan before accessing any of the files on the stick.
CERT's advice on how to avoid malware infection via USB sticks includes the obvious warning not to use any unknown devices but also to keep personal and business drives separate. "Do not use personal USB drives on computers owned by your organization, and do not plug USB drives containing corporate information into your personal computer," the organization says.
Mobile devices - The computer in your pocket
Today’s smartphones are miniature computers. Hackers and criminals have also been known to use text messages to direct unsuspecting users to infected websites according to US-CERT. "These messages, supposedly from a legitimate company, may try to convince you to visit a malicious site by claiming that there is a problem with your account or stating that you have been subscribed to a service. Once you visit the site, you may be lured into providing personal information or downloading a malicious file," the agency warns.
Other risks with smartphones relate to downloading content. CERT's advice is not to download files or applications directly onto your smartphone. If you do need to download a file from a web site, consider saving it to your computer and manually scanning it for viruses before opening it.
Aside from email and web access, other ways criminal code could gain access to a mobile device is via the wireless networking technology known as Bluetooth. CERT's advice when it comes to Bluetooth is to know how to keep it switched-off when it is not needed. "Make sure that you take advantage of the security features offered on your device," the agency states. "Attackers may take advantage of Bluetooth connections to access or download information from your device. Disable Bluetooth when you are not using it to avoid unauthorized access."
Wireless networks - What You Can't See Can Hurt You
Even after more than a decade of use, wireless networks still spill outside the physical confines of a building, continuing to offer a tempting route into the network for hackers. Closing this loophole means paying attention to the security settings of the network. US-CERT advises that you need to be aware that the entire contents of their network could end up in someone’s control if they don’t take care to adequately protect their wireless networks. "A practice known as wardriving involves individuals equipped with a computer, a wireless card, and a GPS device driving through areas in search of wireless networks and identifying the specific coordinates of a network location. This information is then usually posted online.”
US-CERT also advises how to use firewalls to block wireless attacks. "While it is a good security practice to install a firewall on your network, you should also install a firewall directly on your wireless devices (a host-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on your computer."
BWS Technologies can assist you with managing and eliminating any of these threats above.
Contact us now!
Edited and Adapted via AVG Blog
