If the late-2014 hacker attack on Sony Pictures taught us anything, it was that no business can let down its guard for a moment when it comes to online security. While Hollywood’s embarrassment over some sensitive emails made public paled in comparison to North Korea’s hostile response to leaked footage of a film depicting the fictional assassination of its leader, the impact of the cyber attack was both far-reaching and totally unforeseen.
No business can afford the bad publicity, PR and privacy loss that hackers leave in their wake.
Here are 10 data threats and how to build up your defences around them. It’s worth noting that the security solutions can target multiple threats, so don’t limit yourself to trying one of them if you suspect a single culprit, such as a virus.
1. Viruses
We’ve come a long way from Elk Cloner, the 1982 Apple virus created by a secondary school student as a practical joke. These days a virus is designed to copy and attach itself to applications on your computer, spreading through copied server files, downloaded email attachments and the exchange of CDs, DVDs and USB sticks. You’ll lose everything from hard disk space to private information once a virus sets up shop in your computer and replicates at speed.
Solution: Up-to-date security software – don’t wait to renew or be complacent, as one day could make all the difference to the health of your computer. You’ll only need one antivirus program, though; multiple versions may conflict with each other.
2. Worms
A worm can make a home in your system through a variety of means including an email attachment or infected USB stick. And as your friends, colleagues and clients will tell you, it tends to spread to all the email addresses on the infected PC using your good name (and email address), making the recipients especially vulnerable.
In 2000, the Love Letter worm spread from the Philippines to the rest of the world via email, causing almost $6 billion worth of damage and 50 million infections in 10 days. Worms also spread through holes in operating systems, for example expired security software and Windows systems that have not been regularly updated.
Solution: Don’t click on a link in a suspicious email, and run a security scan before opening a USB stick, email attachment or zip file. If in doubt, don’t open it.
3. Spyware
Many computer users have unwittingly installed this illicit information-gathering software by downloading a file or clicking on a pop-up ad. From there, the spyware keeps track of your keystrokes, reads and deletes files, accesses applications and can even go on to reset your auto signature or reformat the hard drive. Everything you do is sent back to the hacker who controls the program, from passwords to browsing history.
Early versions of the peer-to-peer file-sharing program Morpheus were distributed with spyware, leading thousands of people to download malware alongside Take That, Tchaikovsky and Tubular Bells.
Solution: Configure your browser to block pop-ups and clear your browser’s cache regularly, where pop-ups store information. Consider using a new browser, such as Firefox, Chrome or Opera, which are more secure than old versions of Internet Explorer. Installing an anti-spyware program in addition to your regular security measures is essential; try Malwarebytes or HitmanPro.
4. Adware
Had your fill of pop-up ads? Adware doesn’t know the meaning of the word. The ads it launches are tailored to what you look at online, and if that sounds as harmless as the attentions of a personal shopper you’ll be unsettled to know that adware is also usually monitored by spyware – the equivalent of that personal shopper looking through your wallet and handbag while you’re browsing the racks.
In 2014 it was reported that the number of Macs affected by adware was on the rise, and that the adware was usually bundled within Softonic, CNET and other third-party installers. As a result of adware infections, The New York Times, Spotify and The London Stock Exchange have featured malicious ads that contain computer-attacking code on their websites.
Solution: Don’t click on a link in an ad and use the Task Manager to close the pop-up window instead of clicking on the ‘x’ to do so. Anything else might give the all-clear for spyware to be downloaded through malvertising (malicious advertising).
5. Spam
Spam is not just a tinned meat that Monty Python enjoyed singing about. These junk emails account for 50 per cent of the emails received each day, and spam also includes unsolicited advertisements presented in instant messaging and search engines. Open the wrong one and click on the link or download the attachment and chances are you’ve just downloaded malware.
Solution: You can follow Nigel Roberts’s example in 2005 and file for damages against a company that sends repeated spam emails to your personal account. Roberts won £270 from Media Logistics UK, but you may prefer to take less time-consuming and more defensive action by adjusting the settings of your Gmail, Yahoo or Office email account to filter unwanted mail. To find out how to block spam on other accounts, just search ‘adjust email settings spam filter’.
6. Phishing
Much more authentic-looking than spam, phishing emails can look almost identical to correspondence from banks, Amazon, eBay or other trustworthy senders who appear to have the inside info on your personal details. You may part with passwords, addresses and credit card numbers, or even send a money transfer to a friend in distress before realising your mistake.
A Zeus botnet unleashed by hackers (see Number 9, Trojan horse) through email had dire implications for 2,500 organisations around the world when it was downloaded and passed on in 2010. For a detailed white paper on the incident and the impact of phishing on businesses, see Red Conder’s report, here.
Solution: Even if you’ve signed up to online banking or another form of internet-based account, be wary of emails from companies you bank and do business with. Never respond to email requests for your password or other sensitive information, as the business will already have this in its secure records.
7. Keyloggers
By recording every one of your keystrokes, including downloads and conversations, criminals can identify highly sensitive information and from there go on to full-scale identity theft. You can pick up a keylogger simply by visiting an infected website, with no noticeable side-effects other than a slightly slower machine.
Hotel business centres have become particularly vulnerable to keylogging through the computers they provide to guests. Infection has spread to such an extent that the US Secret Service has become involved in the investigation.
Solution: Change your passwords regularly, but make sure you use good quality passwords. If it’s a struggle to come up with strong passwords, consider a password manager to help you.
You may also want to install a firewall to protect your network ports if you don’t already have one. Windows comes firewall-enabled, but businesses may wish to go above and beyond this (which will mean disabling the Windows firewall).
8. Rogue security software
Like a criminal dressed up in a policeman’s uniform, this software claims to be antivirus software. It will take a payment from you and leave your computer open to all manner of malware while you believe your computer is completely protected. There is often a Trojan horse component (see Number 9, Trojan horse) disguised as a browser toolbar, screensaver or free malware scanning service that users are tricked into downloading.
Google reported 11,000 domains hosting fake antivirus software, and the numbers have grown since then. The bottom line is never to accept security scanning or software that does not come directly from your security provider, and even then it doesn’t hurt to double-check!
Solution: Think twice before agreeing to download unsolicited software, as you should only look to trusted websites such as McAfee and Norton for security programs.
9. Trojan horse
Remember the Blue Screen of Death? This malware contains code that acts as a backdoor for hackers to gain unauthorised access to your computer. In 2009 the Trojan Zeus compromised 74,000 accounts on websites belonging to the Bank of America, NASA, Amazon and others (see Number 6, Phishing).
While a Trojan will not inject itself into other files like a virus or propagate like a worm, you may lose valuable personal information, have a webcam used without your knowledge or unwittingly have your computer used for illegal activities or attacks on other computers.
Solution: Scan your computer weekly, be vigilant about investigating unusual changes to the system and remove malware whenever it is detected. Microsoft offers a free tool to do this, and many other no-cost antivirus programs are just as comprehensive.
10. Pharming
Hacking has come an awfully long way and its methods are getting even harder to detect. Fake websites that appear nearly identical to authentic ones can be used to fool you into giving away your banking details. By exploiting a vulnerability in the domain name system (DNS) server and local network router, pharming sites compromise IP addresses and allow access to a home computer. User names and passwords are stolen, paving the way for online identity theft, a huge concern to ecommerce businesses and online banking websites.
Panix, a large New York internet service provider, was hacked into in 2005 and Symantec also suffered from an instance of pharming three years later, proving that businesses as well as private computer users should be on their guard.
Solution: Anti-pharming measures require a greater level of sophistication as antivirus and spyware removal software and spam filters cannot protect against pharming. Browser add-ins such as toolbars, DNS protection and server-side software are the most common measures. The best option, however, is for users to ensure they are using secure HTTPS web connections for sites that require personal data, and to change the password on the router rather than leave it as the default.