- Luke Werner
Cyber Security Threats and How to Manage Them
Even though there is not a 100% solution to fix the vulnerabilities to the computer Operating Systems there are different ways you protect yourself and lessen the impact from viruses, malware and ransomware . The most effective way is through a multi-layer approach that will hopefully catch a majority of these Cyber Threats.
Below we have a break down of different Cyber Threats that are designed to be intrusive enough with general pop ups and redirects to demanding money for 'fixes' and more
Malicious Browser Extensions
By now, we have all heard about how viruses can infect your system and wipe out all your data. While that is true, one of the most annoying forms of cyber threats comes from malware. Often this kind of malware is presented as a browser extension to help you with some mundane function, essentially a quality-of-life feature, so you don’t have to worry about it because it should now be automated. These browser extensions can be something innocuous like a booking, directions, or even a password management extension. No matter which forms they take, the new malicious browser extension may do something small like redirect your web searches to some other search engine, or even change your browser’s homepage. You may also start experiencing an increase in pop-up ads. The easiest way to combat this is to only install extensions that you trust and, if redirects or pop-ups start to occur, then go into your extensions or addons settings in your browser and manually remove them.
Phishing or email scams are another common practice where the user will receive an email posing as a friend, family, co-worker, or even a trusted company. They may ask for money, claim an outstanding invoice needs attention, insist that you have been hacked and need to login to an account to verify your identity, and other equally innocent looking requests. These are attempts to solicit information from you such as credit card numbers, bank account logins, or other personal data. The best way to protect yourself from this kind of scam is to first check who the email is coming from. Often scammers will “spoof” or imitate a company’s email address making you think it is legitimate. However, if you check the domain name the email is coming from (everything after the @ symbol) you will see it is not actually coming from who they claim to be. If it isn’t coming from an actual organization’s email address like @apple.com, @citibank.com, @amazon.com, etc. then it is almost certainly a scam. We frequently see emails come in saying that you owe money for a product, but when we check who it is from it will be from an @outlook.com, @gmail.com, @yahoo.com type of account. If you are still unsure, then we would recommend visiting the actual company’s website and try logging in. If you have an account and log into your portal, then you will typically see if there are any overdue or pending charges. If you have never visited the website before or created an account, then you know for sure that it is a scam. Some email scams go as far as saying that you have been infected with a trojan virus and that they have all your browsing history including the pornographic sites that you’ve been to and that they will release this information if you do not pay them in some form of cryptocurrency. These types of emails have been on the rise over the past few years and try and strike fear into you to get you to pay, but they are always a bluffing scam.
Browser Hi-Jackers are those annoying webpages that come up and tell you that your system has been infected and that you need to call a toll-free number to have someone remote into your system. If you call them, they will claim your computer is infected and ask you for a form of payment to help secure your computer. Even though annoying, these browser hijackers can primarily be fixed by quitting out of the web browser you are in and relaunching it. In some instances, you may have to restart the computer by holding the power button in for approximately 10 seconds to forcibly shut it down and then turn the computer back on. After that when you relaunch your browser, it should default back to your startup page and if not, you may have malware installed on your computer that needs to be removed.
Ransomware is probably the most destructive cyber threat that we see. It doesn’t matter the size of your organization, ransomware can target any company at any time. If you do not have some form of plan in place, it can be a very costly endeavor to get access back to your data. These types of attacks typically happen through someone gaining access to your system or company servers through one of the previous methods. Once they have access, they will encrypt your data and make it inaccessible until you pay them to unlock it. If the data that is compromised is important and you do not have a backup plan in place you may be left with your only option being to pay the attackers ransom demands. The only way to prevent an attack like this is to follow the practices listed above, have full reputable Anti-Virus software installed, and actively watch out for phishing scams. Even practicing these guidelines ransomware can still get into your systems. This is why you need to have a plan in place before that happens. The easiest way to recover from a ransomware attack is to have an off-site backup in place. This DOES NOT include cloud storage services like OneDrive, iCloud Drive, Google Drive, Drop Box, etc. These cloud-based storage applications are syncing with your system in real time and may sync the locked files to the cloud storage. You will want an off-site backup service that runs backups once a day. This way you will have a point to restore back to before the ransomware infected your system.