Welcome to the geek side of me! I have been trained and certified in computer forensics, ethical hacking and a number of other computer security related functions. I write this post in light of recent major breaches at retail chains and cloud storage sites. As you may recall, Target and Home Depot, companies that likely had a team of computer security professionals working for them, did not realize they had been breached for perhaps months. If hackers got past trained professionals, imagine what they can do to the average computer user who doesn’t realize how vulnerable they can be. My goal with this post is to give you, the small business owner, quick tips to help make you aware and hopefully stay as protected as possible.
I will use the questions in the email quiz to guide this post (because this is a huge subject…keeping it simple and short).
1. T/F Spear phishing is when you catch fish with a spear.
An example of spear phishing is when you receive an email from your friend with just a link or a quick statement saying “check this out, you’ll love it!”. What makes these emails so clever is that they appear to come from someone you know (9 times out of 10, their email account was hacked), or the sender seems to know you and will sometimes state your name in the message as well. The goal is that you’ll click the link. This click can lead to so many things, and it depends solely on the attacker’s intention. In my ethical hacker class, we learned how to “spoof” an email account. I was able to send an email to myself that looked like it came from the President of the US.
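The following is an added example, not code from the original post: a small Python check a mail administrator could run over a saved message to see whether the visible sender holds up. The sample messages and every address in them are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the From line claims one sender, the rest disagrees.
SPOOFED = """\
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=whitehouse.example
From: "The President" <president@whitehouse.example>
Reply-To: prez.office@freemail.example
To: you@example.org
Subject: check this out, you'll love it!

http://login.example.net/photo
"""

# Constructed sample: a message that passed the receiving server's checks.
LEGIT = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "A Friend" <friend@example.com>
To: you@example.org
Subject: lunch on Friday?

See you at noon.
"""

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoof_warnings(raw_message):
    """List reasons to distrust the sender shown in the From line."""
    msg = message_from_string(raw_message)
    from_dom = domain(msg["From"])
    warnings = []
    # Replies silently going to a different domain is a classic phishing sign.
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"reply-to goes to {reply_dom}, not {from_dom}")
    # Authentication-Results is only trustworthy when your own mail server
    # added it; a header that arrived with the message can be forged too.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for check in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{check}=(\w+)", results)
        verdict = found.group(1) if found else "missing"
        if verdict != "pass":
            warnings.append(f"{check}={verdict}")
    return warnings
```

An empty list does not prove a message is safe: a hacked account, as described above, sends mail that passes all of these checks.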
Here’s a very short list of what an attacker can do with access to your system:
* Install what’s called a Key Logger program. This will send back to them everything you’ve typed. They are looking for passwords and other security or personal info.
* Hold your account for ransom.
* Log in and send people emails from you, or log into your social media and post on your behalf.
* Just completely crash your system, causing you to lose everything.
2. T/F It is okay to use the same password for multiple sites.
Even though this is subjective, I will say False because if a hacker gets one password, he/she now has access to everything with that same password (especially if the username/login is the same for all sites too). I know it’s easier, but they really should all be different.
3. T/F Your information can be stolen from your computer without you knowing it.
I briefly covered this in the answer to number 1. Once someone is in your system, they can do as they wish and you wouldn’t know it.
4. T/F You should only change your password once a year.
There’s no standard as to when you should change your password, but consider this: a hacker has all the time in the world, and they know it because no one knows what they are doing. There are programs they use to try to crack passwords. If you keep the same password, they can keep that program running against your password until it’s cracked. When you change your password on a regular basis, however, they have to start over every time. It’s a deterrent, not foolproof, just like car alarms.
Some of the best practices for protecting your computer’s information are:
1. Keep all security updates for your programs and internet browsers up to date.
2. Don’t click on or open any unfamiliar/unsolicited links or photos. If you didn’t fill out a raffle to win something, don’t click the congratulatory link.
3. Install a good computer security suite (Kaspersky, McAfee, Norton, ZoneAlarm). There are some that are free to use too.
4. Change passwords every 60-90 days at the most. If you’re like me, you change it all the time because you’re always forgetting it lol.
5. Secure your home network (wireless especially). Someone could be in the proximity of your home and hop onto your network. If you have folders and files shared out on your network, that makes them available to “guest” computers on your account.
6. Make your password a passphrase….make it a sentence using characters, numbers, upper and lower case letters. Some sites won’t let you use characters so incorporating numbers is really necessary.
7. If an email tries to redirect you to a site you know, type the site in the browser yourself, because it’s too easy to make a website look legitimate and capture your login info when you type into the attacker’s fictitious site.
This just touches the tip of issues that could occur if you’re not being diligent about protecting your info and your clients’ info. Feel free to comment or ask questions.
To your success!