Every day it seems like a business experiences a massive and disastrous hacking or phishing attack. If you don’t want to fall victim yourself, here are seven steps you need to take to prevent such a cyber attack.
Tips for Preventing Cyber Attacks
Know the Risks
If you want to properly protect your company from a cyber attack, then you first need to be aware of both the internal and external vulnerabilities your business may be exposed to. This can include:
- Weak passwords. Did you know that 80% of cyber attacks involve weak passwords? Even worse, 55% of people only use one password for all their logins. To strengthen your passwords, use around 16 characters that include a mix of numbers, letters, and special characters. You should have a unique one for each login. Use a password manager or single sign-on so you don’t have to remember them all.
- Malware attacks. This is when an infected website, USB drive, or app delivers software that captures keystrokes, passwords, and data. Make sure you’re running malware detection like Norton Toolbar and that all your existing software is up to date.
- Phishing emails. These are emails that look official but are in fact fake. The goal is to trick you into entering your password or clicking through to an infected website. The easiest way to avoid phishing email scams is to think before you click, and to click only on sites you trust. As with malware, keep your existing software, operating systems, and browsers updated with the latest patches.
- Ransomware. Here’s where hackers hold your website, computer, or data hostage until you pay a ransom. Again, never click on suspicious links or browse unknown websites. Also use anti-ransomware tools like AVG’s decryption tools, Trend Micro’s lockscreen ransomware tool, or Avast’s anti-ransomware tools.
- Social engineering. This is when a hacker pretends to be you so he or she can reset your passwords. To lessen the threat of this attack, never share too much personal or financial information online, implement policies like requesting that password resets are done over the phone, and conduct a security audit.
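The password advice in the first list item (around 16 characters, a mix of numbers, letters, and special characters, and a unique password for each login) can be turned into checks a password manager would run. The following is an added example written for this article, not code from the article or from any product it names; the vault contents are constructed sample data, and the rule names are assumptions chosen for illustration.

```python
"""Added example: enforce the article's password rules (length, mixed character
classes, no reuse across logins) and generate passwords that satisfy them."""
import secrets
import string

MIN_LENGTH = 16  # the article's recommended length

# Character classes the article says a strong password should mix.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def password_issues(password: str) -> list[str]:
    """Return the rules this password breaks; an empty list means it passes."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    chars = set(password)
    for name, members in CLASSES.items():
        if not chars & members:
            issues.append(f"no {name} characters")
    return issues


def generate_password(length: int = MIN_LENGTH) -> str:
    """Generate a password with the `secrets` CSPRNG (never `random`) that
    satisfies every rule. Rejection sampling keeps the result uniformly
    distributed over passing passwords instead of forcing fixed positions."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not password_issues(candidate):
            return candidate


def reused_passwords(vault: dict[str, str]) -> dict[str, list[str]]:
    """Map each password that protects more than one login to those logins.
    `vault` maps a login name to its password (constructed sample data below)."""
    by_password: dict[str, list[str]] = {}
    for login, pw in vault.items():
        by_password.setdefault(pw, []).append(login)
    return {pw: logins for pw, logins in by_password.items() if len(logins) > 1}


# Constructed sample vault; these are not real credentials.
SAMPLE_VAULT = {
    "email": "Summer2019!",
    "bank": "Summer2019!",
    "payroll": "x7#Qp9!vL2@mZ4rT",
}

if __name__ == "__main__":
    for login, pw in SAMPLE_VAULT.items():
        print(login, password_issues(pw) or "ok")
    print("reused:", reused_passwords(SAMPLE_VAULT))
    print("suggested:", generate_password())
```

Running the script flags the two logins that share `Summer2019!` (too short and reused) and proposes a fresh 16-character replacement; in practice the vault would be the password manager's own store rather than a dictionary in the script.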
Install an Anti-Phishing Toolbar
The most popular Internet browsers can be customized so you can add an anti-phishing toolbar. These toolbars quickly run checks on the sites you visit and compare them to lists of known phishing sites. If you happen to land on a malicious site, the toolbar will immediately alert you.
Not only does this add an extra layer of security, it’s 100% free.
Always Verify a Site’s Security
Even if you have an anti-phishing toolbar installed, you still need to verify a site’s security whenever asked to hand over sensitive data. There’s a chance that site hasn’t been flagged as a phishing site yet.
Always make sure the site’s URL begins with “https” and look for a closed lock icon near the address bar. You should also check the site’s security certificate.
Again, if you do receive a message stating that a certain website may contain malicious files, do not open the website. And never download files from suspicious emails or websites.
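The toolbar check described above (compare the visited host against a list of known phishing sites) and the manual “https” check in this section can both be written down as a small screening routine. This is an added example for the article, not code from it or from any toolbar vendor; the blocklist hosts are constructed placeholders, and the extra check for a “user@host” URL is a generalization of the same idea (a URL built to look like a trusted site) rather than something the article states. An empty result does not mean a site is safe, only that none of these checks fired, which is exactly the gap the article warns about.

```python
"""Added example: screen a URL the way an anti-phishing toolbar and a careful
user would, using only the standard library."""
from urllib.parse import urlsplit

# Constructed sample blocklist: hypothetical hosts, not real phishing sites.
KNOWN_PHISHING = {
    "secure-login-examplebank.invalid",
    "account-verify.example",
}


def hostname(url: str) -> str:
    """Lower-cased host with the port and any trailing dot removed."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def matches_blocklist(host: str, blocklist=KNOWN_PHISHING) -> bool:
    """True if the host or any parent domain is listed, so that
    mail.account-verify.example is caught by the account-verify.example entry."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def site_warnings(url: str, blocklist=KNOWN_PHISHING) -> list[str]:
    """Reasons not to enter sensitive data on this page. An empty list only
    means none of these checks fired; a site not yet flagged still passes."""
    parts = urlsplit(url)
    host = hostname(url)
    warnings = []
    if matches_blocklist(host, blocklist):
        warnings.append("host is on the known-phishing list")
    if parts.scheme != "https":
        warnings.append("connection is not https")
    if parts.username is not None:
        # In "https://bank.example@evil.invalid/" the browser ignores everything
        # before "@"; the real host is the part after it.
        warnings.append("URL contains credentials before '@' that mask the real host")
    return warnings


if __name__ == "__main__":
    for url in (
        "https://www.example.com/login",
        "http://secure-login-examplebank.invalid/",
        "https://mail.account-verify.example/reset",
        "https://bank.example@evil.invalid/",
    ):
        print(url, "->", site_warnings(url) or "no warnings")
```

The parent-domain walk in `matches_blocklist` matters because a flagged domain is rarely used bare; the login page usually lives on a subdomain, and an exact-match lookup would miss it.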
Be Wary of Pop-Ups
Pop-up windows can often pass as a legitimate component of a website. However, pop-ups are usually phishing attempts. The good news is that most browsers allow you to block pop-ups. If one does slip through the cracks, don’t click on the “cancel” button. Doing so will probably take you to a phishing site. Instead, click that small “x” in the upper corner of the window.
Check Your Online Accounts Regularly
If you haven’t used an online account for several months, don’t assume that it’s secure. A hacker could have found a way in and be using it at your expense. Make it a habit to check in with each of your online accounts on a regular basis. And while you’re at it, change your passwords frequently as well.
In order to prevent bank phishing and credit card phishing scams, personally check your statements regularly. Instead of tossing that monthly statement on your desk, carefully review it to make sure each entry is legitimate and no fraudulent transactions have been made.
Encrypt Your Data
Hackers are on the prowl for any type of company-held data that is lying around, from bank routing numbers to employee Social Security numbers. If your company is holding onto this kind of important data, then you need to ensure it’s encrypted.
Make certain that your information is kept safe by using full-disk encryption tools. Because these come standard with most operating systems and take only a minute to switch on, there’s no excuse not to use them.
Keep in mind that using this feature will require some added attention. That’s because the encryption only protects the data while no one is logged in. This means that hackers just need employees to step away from their computers, like during a lunch break, in order to attack a system with a virus or malware. To strengthen your measures, set all your computers to automatically log out after five to 10 minutes without use.
Back Up Your Data
“The best defense against ransomware is to outwit attackers by not being vulnerable to their threats in the first place,” suggests Kim Zetter in Wired. “This means backing up important data daily, so that even if your computers and servers get locked, you won’t be forced to pay to see your data again.”
There are some ransomware attackers who “search out backup systems to encrypt and lock by first gaining entry to desktop systems and then manually working their way through a network to get to servers. So if you don’t back up to the cloud and instead back up to a local storage device or server, these should be offline and not directly connected to desktop systems where the ransomware or attacker can reach them.”
Remember, there is no single way to completely avoid hacking or phishing attacks, but using the steps listed above will at least lessen the chances of your business becoming a victim of a cyber attack.
My wife recently had her Facebook profile stolen and hackers are a savvy bunch. They knew how to work around all Facebook’s security protocols and it was just gone. Had to tell all her friends to report it and unfriend just so it would get shut down.
First, you must learn everything you can about these threats. Only in learning can you fully protect yourself.
Good post, Loren. It really is about the weakness of people… which means the best way to increase security and reduce successful phishing attacks is to educate / train people. I’m aware of a few training programs that help train users… there was an open source one at getgophish.com which was pretty interesting… and we’re actually considering implementing the code for our clients or anyone who wants to run through like a 30 day challenge / test that will coach them in a user friendly manner… thoughts? (PS. I know Mimecast is very aggressive on their awareness and training programs).