What are your website security plans for this year?
If you’re an optimist, and have been lucky so far, your strategy might be to continue hoping hackers don’t notice you because you’re a small target, compared to the massive corporate data breaches that make the news.
But that’s a bad strategy, because numbers don’t lie.
According to Computer.org, almost half of all Americans who use the internet have been hacked at some point to some degree, and 43% of all cyberattacks target small businesses. The bottom line is this: if your number hasn’t come up yet, the odds are against you.
Keep an eye out for the following four popular cyber attacks, and learn how to stop them below.
Those closely following the saga of the Special Counsel investigation into Russian interference during the 2016 U.S. presidential elections know that the entire mess started with an email phishing attack.
In essence, members of the Democratic Party received email messages that looked just like Gmail security alerts. The targeted individuals clicked on a link, and were directed to a website that looked like a Gmail login page. There, they entered their username and password thinking that they were changing their credentials for safety purposes.
Phishing acquired its name from the hacker practice of casting wide nets by sending out thousands of emails. Spear phishing is a more sophisticated version that involves more time and effort. Instead of sending thousands of identical emails, a hacker researches a target and crafts a personal message intended to yield the same result – the theft of login credentials or personal information.
SMS spoofing is a trending spear phishing technique in 2019. An example would be a text message claiming to be the victim’s husband, asking for the username and password to a home wireless router. Although antivirus software offers some level of protection against phishing, critical thinking, skepticism, and a careful study of all received messages are your best defense.
Ready to do more business with email marketing?
2. Man-in-the-middle (MITM) attack
This attack takes various forms. The most common is session hijacking, which involves hackers coming between a client and a server.
A typical MITM attack begins when a client, which can be a desktop, laptop, smartphone, or tablet, connects to a compromised public Wi-Fi network. The MITM perpetrator, acting under the guise of the public network, spoofs the Wi-Fi connection provider and spies throughout the session, thus making it a simple matter to collect passwords, credit card information, or more.
Your best prevention against MITM attacks is to fight technology with technology. The widespread adoption of virtual private networking (VPN) is one of the best things you can do to foil attackers. These inexpensive services use military-grade encryption to create a private tunnel to the internet for your session, whether you’re at home or in Starbucks. With a VPN activated, you can safely log on to public Wi-Fi hotspots without the worry of hackers lurking in the routers spying on your sessions.
Another tool recommended by security experts is a password manager. A brute force attack is a favored hacker strategy that uses software to automatically, and systematically, guess thousands of combinations of login credentials to get into a protected area.
Brute force works because too many people rely on simple, easy-to-remember passwords. A password manager not only enters passwords to all your protected sites, but also suggests hard-to-guess combinations, while never forgetting them. Used together, a VPN and password manager make it exponentially harder for a hacker to get in. A frustrated hacker is likely to move on to an easier target.
3. Social engineering
In the context of cybersecurity, social engineering is a tactic that attempts to take advantage of the trusting, sometimes gullible reality of human psychology to convince a target to reveal confidential information. Phishing and/or spear phishing are both examples of social engineering, but the idea covers more than that.
A few real world examples:
- Leaving USB devices loaded with malware laying around, to be picked up and plugged in.
- Posing as IT service to dupe employees into disabling their AV software, for updates to be installed – which just happen to be malware.
Another successful tactic is for the social engineer to impersonate a delivery driver, complete with clipboard, package, and some sort of uniform. This has proven to be an effective way to gain access to buildings that require card access. Once inside, all the “delivery person” has to do is find an empty office to gain physical access to the hardware.
4. Malware injections or infections
All of the preceding attacks can serve as preludes to malware installation onto a device or network. Malware ranges from the classic computer virus, to more sophisticated strains such as ransomware – literally holding your private data for ransom – or cryptojacking, which uses your computer’s resources to covertly “mine” cryptocurrency.
To a certain degree, malware is the easiest cyber threat to protect against, because it involves endpoint security, which should be protected with firewalls and antivirus software. Spear phishing, in particular, is a technique often used by cybercrime crews who wish to bypass antivirus software.
Malware prevention should take a couple of different forms. First, turn on automatic updates for your operating system. This way, your computer installs security fixes as soon as they become available, and guards against zero-day exploits – vulnerabilities which aren’t discovered until after they’ve been exploited by hackers. Such was the case with the WannaCry ransomware worm, which infected thousands of Windows computers in 2017.
In a more general sense, anyone who uses a computer should learn the warning signs of a malware infestation. You don’t typically get a flashing sign that says, “Malware now on board! Hold on for a bumpy ride,” but there are indications to its presence, such as constant pop-ups or the surprise appearance of a toolbar you don’t remember installing. Suddenly poor performance, for no apparent reason, is another hallmark of an infected computer or mobile device.
Protect your small business from the all-too-common cyberattack
Cyber-criminals won’t stop plying their trade any time soon. There’s too much money at stake. Unless recovering from a malware infestation is how you or your organization like to spend your free time and money, now would be a good time to get serious about shoring up defenses on your network and devices.