Cyber criminals are working round the clock to find vulnerabilities in your systems and network and use them to their advantage. They are becoming more high-tech and persistent, so businesses need to be continuously vigilant in securing their data.
To fight ever-evolving cyber threats, you need to understand what they are, how they are delivered to your devices and users, what you can do to prevent an incident, and how you can remedy it when one does happen.
Here we list the top four common cyber security threats you need to keep an eye on and a few tips to keep your data safe.
#1 Malware and Ransomware
Ransomware and malware are perhaps the most highly publicised of recent cyber attacks, and have victimised hundreds of businesses. But how exactly do the two differ? Malware is designed to gain access to a person’s PC or device by tricking that person into installing a piece of software. Without the user knowing about it, malware can be used to steal sensitive information or spread spam via email.
Ransomware, on the other hand, is a subset of malware that locks your PC and prevents you from accessing it until you pay a demanded ransom, usually in the form of Bitcoin. Examples include the recent WannaCry and Petya ransomware attacks, which disrupted businesses in over 150 countries.
#2 Virus and Spyware
A virus is a small piece of software designed to spread from one PC to another and to interfere with the PC’s operations. It can corrupt or delete data, use your email to spread itself to other PCs or even wipe everything on your hard disk.
Spyware secretly collects information about you without your consent and can be furtively installed together with other software you have downloaded.
#3 Social Engineering
It is easier to fool someone into giving their password than to hack an entire network. This is the whole premise of Social Engineering.
It is the art of scamming people so they give up confidential information or perform an action. Common social engineering techniques include emails that imitate a person’s boss or friend and contain a compelling story, such as an urgent request for financial assistance or a donation. Others exploit your trust and curiosity to get you to open a malicious email or download a file from a link.
Phishing is another form of social engineering where an email is sent to everyone and appears to come from a trusted and well-known organisation, but is actually from someone else.
A spinoff of phishing is spear phishing, where the attack is personalised and targeted at a specific user or organisation. The scammer poses as a trustworthy friend or an individual within the organisation, typically someone in a position of authority.
In a common strategy, the scammer asks you to ‘verify’ information by clicking on a link and providing your sensitive data through a form. Others will tell you that you have ‘won’ money from a lottery, a deceased relative or a raffle draw you didn’t sign up for.
Don’t be a victim!
How do these cyber security threats spread? It’s usually through emails with links that direct users to a fake website, which asks for information or prompts them to download software. When the user does what the website asks, their PC gets infected.
So how do you protect your business from these threats? Here are a few tips you can immediately adopt:
- Use strong passwords that are challenging to guess. Combine letters, numbers and special characters to create a complex password.
- Think before you click. Cyber criminals will rush you to act by creating urgency in their messages, so be sure to review the message before you do anything.
- Delete suspicious emails requesting sensitive data such as passwords or financial information.
- Investigate and look for facts. Be cautious about unsolicited emails. If the email came from a company that you deal with, research the company’s site online or find their phone number to verify the unsolicited email.
- Use a VPN if you must use public Wi-Fi.
- Keep your application and operating system patches and antivirus software up to date.
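The warning signs described above (a trusted name on an email that actually comes from someone else, a link that opens a different site from the one it shows, and pressure to act quickly) can also be checked automatically. The following is an added example, not part of the original post; the `TRUSTED` mapping, the `.example` domains and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"examplebank": "examplebank.example"}  # assumption: brand -> its real domain
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|verify|suspended|winner)\b", re.I)
DOMAIN = re.compile(r"(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})")

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    links, _href = (), None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links += ((self._href, self._text.strip()),)
            self._href = None

def same_site(host, domain):  # host is the domain itself or one of its subdomains
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def triage(raw):  # returns the warning signs found in one raw email message
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    sender = addr.rpartition("@")[2].lower()
    # 1. display name claims a trusted organisation, address belongs to someone else
    findings = ["display-name-mismatch" for brand, domain in TRUSTED.items()
                if brand in name.lower().replace(" ", "") and not same_site(sender, domain)]
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:  # 2. link text names one site, href opens another
        shown = DOMAIN.search(text.lower())
        if shown and not same_site(urlparse(href).hostname, shown.group(1)):
            findings.append("link-text-mismatch")
    if URGENCY.search(f"{msg.get('Subject', '')} {body}"):  # 3. pressure to act quickly
        findings.append("urgency-language")
    return findings

SAMPLE = ('From: "Example Bank Security" <alerts@examplebank-secure.example>\n'  # constructed
          'Subject: Urgent: verify your account\nContent-Type: text/html\n\n'
          '<a href="http://examplebank.example.login-check.example/v">www.examplebank.example</a>')
if __name__ == "__main__": print(triage(SAMPLE))
```

A message that trips none of the checks is not proven safe; the findings are a prompt to verify the sender through a channel you already trust.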
Have you experienced these cyber threats before?
If you have, what security measures did you take to remedy the situation? Did you use industry-accepted best practices to mitigate the risks? Share your experience in the comments section below.
Our team of senior security consultants have prepared a framework based on the Department of Defence’s recommendations to minimise business risk associated with IT security. Contact us if you want to speak to a Security expert or check our website to review various security offerings available.
Be on the lookout for our next blog on “Win the War Against Cyber Threats” to learn more tips on how you can build a strong defense against cyber threats.