Cybersecurity refers to the protection of computer systems from theft or damage to their hardware, software, electronic data, and the disruption or misdirection of the services they provide. With the Covid-19 pandemic that increased dependence on internet technologies globally with organizations and companies adopting working from home, more home deliveries by grocery stores, restaurants to court proceedings being followed virtually among others as mitigation measures to combat the virus.
The world of cybercrime has also discovered new avenues to strengthen their hold and have become more creative in executing their bent schemes. You need to get conversant with the developing cybersecurity threats and how to combat them as discussed below;
Phishing
It is a form of social engineering attack that occurs when a hacker uses a false identity to trick someone into providing sensitive information, downloading malware, or visiting sites containing malware. Phishing attacks target people through email where an attacker creates an email looking like it comes from your local bank or the government asking you to visit a website and enter your username and password.
When clicking links or giving sensitive data, try to be cautious even if it appears genuine and when in doubt, contact the source directly to make sure they sent the message.
Watch out for unusual emails and instant messages that may start with unfamiliar wording with grammatical errors or have a generic signature. Lastly, install anti-phishing toolbars on internet browsers that alert you of sites containing phishing information.
Smishing
It is an SMS- based phishing where an attacker sends an SMS text message to a user’s phone. When you open the text message sent, it does not start the attack but contains a link when clicked begins the attack.
Attackers prefer smishing to general phishing that occurs online through emails or web browsing because its programs such as Microsoft Outlook or Google are smart enough to detect phishing emails and label them as spam.
Some common smishing attacks include; receiving a message from” your bank asking you to enter your social security number, a delivery carrier asking you to schedule a package delivery, or other organizations asking you to click a link or give information. Most banks and businesses do not ask for information through SMS messages but rather call you or send you an email. Therefore, never open a link in a text message. You should also watch for misspellings or generic language like: Dear Customer, Sir or Madam.
Malware and Ransomware
When malware enters a computer, it steals, deletes, or encrypts data and tracks a computer’s activity without their knowledge. Ransomware involves a hacker locking the victim’s computer or files and holding the information for ransom.
Ransomware requires the victim to produce a payment in exchange for the hijacked files and unlocking the system. Ransomware spreads through phishing emails or visiting an infected website unknowingly while malware occurs through internet downloads, USB external drives, and physical hard drives. A company should protect itself from malware and ransomware by avoiding outdated software, drivers, and other plugins because they are common security vulnerabilities.
You should also enable click-to-play plugins to keep Flash or Java running unless clicked to reduce the risk of running malware programs with them. Normalize updating your router periodically to protect sensitive data from hackers because an unsecured network will always be prone to attacks. It is easier for hackers to find an overlooked security vulnerability to take advantage of. An upgraded and updated system will not give them access. To update your internet router you can login to your router’s web interface by typing the default gateway IP (192.168.1.1, 192.168.0.1, or lookup on your network details) in your browser address bar and locate firmware updates and update from there.
PDF Scams
PDF scams aim at making you open an attached PDF. The attack involves sending an email with a message stating that a security policy is updated or an account statement is attached that exposes you to malware or ransomware on your computer when clicked.
In-office setup, employers should train their staff to watch for generic or unusual email addresses and generic headings.
Also, make sure you have updated and secure virus protection on your computers and network because having security in place goes a long way in protecting your business and alerting your IT department if someone happens to open up a PDF scam.