NATIONAL CYBER SECURITY AWARENESS MONTH IN OCTOBER: FIVE WAYS TO THWART THREATS FROM CYBERCRIMINALS
Cybercriminals are in it for the money – and their ever-shifting targets and tactics require continuous vigilance.
Although overall ransomware attacks decreased by 20 percent, ransomware directed towards large enterprises rose by 20 percent, and ransomware targeting mobile devices rose by 33 percent. Supply chain attacks, which are used to gain private payment information from individuals or corporate entities, also increased by a massive 78 percent.
To help consumers and businesses protect their data and privacy, Matrix Integration, a strategic IT infrastructure partner for more than 1,000 businesses in Kentucky and beyond, is offering practical tips for October’s National Cyber Security Awareness Month.
“Cybercriminals continue to be creative in their attacks, turning their attention to industries such as manufacturing to retail, and using cloud technology and software like common mobile apps to their advantage,” said Nathan Stallings, president of Matrix Integration. “All these threats mean that businesses need to cast a wide net and use a variety of tools to keep their businesses and their customers safe.”
Malware, ransomware, phishing scams and password attacks are all different means of gaining access to information and financial resources for criminals. In addition to company and enterprise-wide security systems, everyone should know how hackers attack, and how to keep themselves from being an easy target.
1. Create strong, complex passwords. Cyber criminals want access to corporate information, account numbers and private data. People shouldn’t reuse the same passwords for different sites and devices. One easy option is to create a complex phrase. For example, instead of “Ilovedogs,” people should try “Ilovemydalmation.”
2. Take a closer look at that email. One of the most common ways to hook a victim is through “phishing” – personalized emails that look like they are from a friend or colleague. Attachments often look like common Microsoft Office documents. Once a person clicks on a malicious link or attachment in that email, they could deploy malware or divulge sensitive information. Consumers should question everything and look closely at return addresses, scan for typos, and compare suspect emails to legitimate ones they have received in the past.
3. Watch social activity. Cybercriminals are now targeting citizens through social media like Facebook and Twitter. Ads or personal messages encourage users to play games or click on links to photos, which could lead them to malware or other scams.
4. Use public Wi-Fi with caution. Free Wi-Fi in public spaces is a major benefit to anyone who needs connectivity on the go. But some of these hotspots may be operated by cybercriminals who can easily steal the data users’ transmit while on their networks. People should not connect to wireless networks that aren’t recognized, especially those with “free” in the name or those defined as an “unsecured computer-to-computer network.”
5. Take care with mobile apps. The majority of applications people download to their phones are perfectly safe. However, in the past year, cybercriminals have been developing more apps that contain malware and ransomware for individual phones. Symantec found one in 36 mobile devices had high-risk apps installed1, so to stay safe, consumers should keep their phones’ operating systems as updated as possible, and only download apps from primary app stores.
For hacks that are harder to detect
No matter how cautious users are, hackers can still gain access to networks and systems. In addition to malware and ransomware, criminals still find ways to hijack passwords and steal information.
Businesses and their employees should identify the assets that are most important, come up with a plan to protect and detect those assets, and provide tools to discover and respond to attacks before they can cause damage. Types of solutions include robust identity management systems so passwords are harder to steal, data encryption software and staff training.