First, I can't express enough how important securing your online data is. I know this isn't shocking, but the social media accounts that you have store more data on you than you know. Besides that, we keep hearing about credit reporting agencies that have been breached or which company fell victim to malware or ransomware attacks. It seems like an endless cycle of cat-and-mouse. And it is. You can't do much when your data gets exposed by hackers who target a company; however, you can take control of what happens when these bad actors try to target you.
1. Protect yourself against malware and viruses
Malware is a piece of unwanted software that runs on a computer with the intent of causing harm or destruction. Although they are different, viruses, Trojan Horses, malicious files and worms can all wreak havoc on a computer.
- A virus can damage a computer by destroying files. The spread of a virus is through email and social media attachments, images, browsing malicious websites and other media such as PDF files.
- A Trojan Horse is a type of malicious software that masks itself or hides underneath a legitimate software program. Freeware can contain a Trojan Horse when a malicious piece of software runs in the code base of the legitimate software.
- Malicious files are non-executable files (.pdf, .doc*, .xls*) that can be used to exploit a weakness in the program used to open the file.
- Worms are a type of virus that auto-propagate and usually infect a network of computers. They cause harm by using the computer's resources until the computer stops responding.
What you can do to protect yourself:
- Keep your computer updated by installing security updates and patches.
- Run anti-malware and anti-virus software.
- Maintain caution when opening attachments, even from people that you know and trust. If you didn't expect it, don't open it.
- Install a firewall that limits inbound and outbound ports or create firewall rules.
- Keep software packages updated.
2. Protect yourself against ransomware
Ransomware continues to be a leading threat today. Ransomware usually starts out as a phishing email wanting you to download a file. If downloaded, the file will be installed and encrypt the computer's hard drive. Drive-by downloads are another way that ransomware is spread. File extensions found on drives with ransomware can be .vault, .crypto, .petya and a few others with repeating or sequenced extensions (.bbb, .zzz or .xxx). If ransomware is successfully executed on a hard drive, users will be locked out until a payment has been made.
What you can do to protect yourself:
- Backup your computer on a regular basis and make sure to keep that backup off the computer.
- Install anti-malware and anti-virus software on the computer and keep it up-to-date.
- Don't trust downloads from third-party websites.
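As an added example (not part of the original post), the following Python script walks a folder and flags files whose final extension matches the ones listed above, including the repeated-letter pattern (.bbb, .zzz, .xxx). The function names and the sample file tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Extensions named in the article; the pattern covers .bbb, .zzz, .xxx
# and any other extension made of one letter repeated three or more times.
KNOWN_EXTENSIONS = {".vault", ".crypto", ".petya"}
REPEATED_LETTER = re.compile(r"^\.([a-z])\1{2,}$")


def is_suspicious(filename):
    """Return True if the file's final extension matches an indicator."""
    ext = os.path.splitext(filename)[1].lower()
    return ext in KNOWN_EXTENSIONS or bool(REPEATED_LETTER.match(ext))


def scan(root):
    """Walk root and return {directory: [flagged file names]}."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        flagged = sorted(f for f in filenames if is_suspicious(f))
        if flagged:
            hits[dirpath] = flagged
    return hits


def summarize(hits):
    """Count flagged files per extension across all directories."""
    counts = Counter()
    for names in hits.values():
        counts.update(os.path.splitext(n)[1].lower() for n in names)
    return dict(counts)


def build_sample_tree(root):
    """Create a constructed sample tree of empty files for the demo."""
    names = ["notes.txt", "report.docx.vault", "photo.jpg.zzz",
             "budget.xls.CRYPTO", "archive.zip", "readme.bb"]
    os.makedirs(os.path.join(root, "docs"), exist_ok=True)
    for name in names:
        open(os.path.join(root, "docs", name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = scan(tmp)
        print(found, summarize(found))
```

An extension match is a prompt to check your backups and investigate further, not proof of infection.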
3. QR code phishing on the rise
Since Covid-19 hit, "Qshing" (QR code phishing) has been on the rise. Why? QR codes are a significant improvement for contactless transactions. It's easy. Point your phone's camera at the QR code and you're done. It's a perfect opportunity for scammers. So what can QR codes actually do? They can direct you to a website that contains malware. QR codes can also download apps.
What you can do to protect yourself:
- Avoid scanning QR codes from brands you are not familiar with
- Don't scan a QR code that installs apps
4. Don't overshare on social media
Social media is a powerhouse way to let the world know what you're up to. Unfortunately, bad actors know this and act on it. It sounds cool to have 100k followers on Instagram, but when 75k of those are fake accounts, they want to do one thing: identify something you post to gain access to something you own. This could be something like an electricity service in your name. The point is to not overshare. By oversharing, you're making it easy for scammers to get information that they could use.
What you can do to protect yourself:
- Know that you can't delete a post; once you've sent it off into the internet, it's there for good.
- The internet shouldn't be used as a dumping ground for your feelings and what you're going through. Don't leave yourself vulnerable.
5. Use a password manager for storing passwords
Password managers are essential in keeping passwords secure. Look for password managers that encrypt the data. Some password managers encrypt data with a password. This can be good or bad. It might be better to use a digital certificate for encrypting your password manager's data. However, both are better than keeping it in a text-based file.
What you can do to protect yourself:
- Find a reputable password manager to store your passwords
- Backup your passwords regularly and store them on a USB device
- Avoid using a hard copy of passwords; if you do, store it in a safe place
- Avoid using a browser-based password manager or browser extension
6. Avoid installing every cool app you see in app stores
App stores are not perfect, but they are getting better at detecting when a developer misuses code and wants to harm consumers. Google Play and the App Store have implemented strict guidelines and requirements for apps to be eligible to be published. Google bans apps for various reasons. There was an app called SpyFone that received a ban by the FTC (read the news release).
What you can do to protect yourself:
- Don't just download every app you see that interests you
- Check developer reviews. If they are bad then maybe they aren't trustworthy
- Don't download apps straight from a website. If the app links to the Google Play Store or App Store, then that is ok
- Use caution when apps want to access higher level features on your phone, for instance if a game wants to have access to all contacts
- Read the terms and conditions of the app
One of the best things that you or your company can do is get involved in cybersecurity. The CISA is an official agency in the United States that puts together cyber training and offers tips on cybersecurity.
Interested in finding out your cybersecurity score? I recommend checking out the CISA Hygiene Services page.
For more on security on the web check out some of our other blog entries related to cybersecurity.
Read about the Apple Developer Guidelines
Read about Google policy on content