Just as pollution was a side effect of the industrial revolution, so are the many security vulnerabilities that come with increased internet connectivity. Cyber attacks are exploitations of these vulnerabilities.
Although cyber attacks are for the most part unavoidable, individuals and businesses have found ways to counter them using a variety of security measures and plain common sense. Regardless of how safe a business feels though, everyone must still be aware of and vigilant toward online threats.
Let’s examine eight of the most common cyber attacks that your business could face and ways to avoid them.
What is it? Malware is an all-encompassing term for a variety of cyber threats including Trojans, viruses and worms. Malware is simply defined as code with malicious intent that typically steals data or destroys files on the computer.
How does it work? Malware is frequently introduced to a system through email attachments, software downloads or operating system vulnerabilities.
What is it? Often posing as a request for data from a trusted third party, phishing attacks are sent via email and ask users to click on a link and enter their personal data. Phishing emails have gotten much more sophisticated in recent years, making it difficult for some people to discern a legitimate request for information from a false one. Phishing emails often fall into the same category as spam, but are more harmful than just a simple ad.
How does it work? Phishing emails include a link that directs the user to a dummy site that will then steal the information you enter. In some cases, all a user has to do is click on the link.
How can I prevent it? Verify over the phone any requests from institutions that arrive via email. If the email itself has a phone number, don’t call that number, but rather one you find independently online or within documentation you’ve received from that company.
What is it? A password attack is exactly what it sounds like: a third party trying to gain access to your systems by cracking a user’s password.
How does it work? This type of attack does not usually require any type of malicious code or software to run on the system. The software that attackers use to try and crack your password is typically run on their own systems. Programs use many methods to access accounts, including brute force attacks made to guess passwords, as well as dictionary attacks, which compare various word combinations against a dictionary file.
How can I prevent it? Strong passwords are really the only way to safeguard against password attacks. This means using a combination of upper and lower case letters, symbols and numbers, and having at least eight characters. An attacker using brute force password cracking software can typically unlock a password with all lower case letters in a matter of minutes. It’s also recommended not to use words found in the dictionary, no matter how long they are; it just makes the password attacker’s job easier.
It’s also good practice to change your passwords at regular intervals. If a hacker does obtain an old password it won’t work because it’s been replaced.
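The password rules above can be turned into a check. This is an added example, not part of the original article: it flags passwords that break the article's rules and estimates how much larger the brute-force search space becomes when all four character classes are used. The wordlist is a constructed sample and the function names are hypothetical.

```python
import math
import string

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDLIST = {"password", "welcome", "dragon", "sunshine", "monkey"}

MIN_LENGTH = 8  # the article's minimum length


def keyspace_bits(password):
    """Upper bound on brute-force work: log2(alphabet_size ** length)."""
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(c in string.digits for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password, wordlist=SAMPLE_WORDLIST):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    classes = {
        "lower case letter": string.ascii_lowercase,
        "upper case letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    # Dictionary attacks also try words with digits or symbols tacked on, so
    # compare the letters-only, lower-cased form against the wordlist.
    letters = "".join(c for c in password.lower() if c.isalpha())
    if any(word in letters for word in wordlist):
        problems.append("contains a dictionary word")
    return problems
```

Note that `Sunshine1!` satisfies the length and character-class rules yet is still rejected, because the dictionary word survives the added digit and symbol.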
What is it? A denial-of-service (DoS) attack focuses on disrupting the service to a network. Attackers send high volumes of data or traffic through the network (e.g. making lots of connection requests), until the network becomes overloaded and can no longer function.
How does it work? There are a few different ways attackers can achieve DoS attacks, but the most common is the distributed-denial-of-service (DDoS) attack. This involves the attacker using multiple computers to send the traffic or data that will overload the system. In many instances, a person may not even realize that his or her computer has been hijacked and is contributing to the DDoS attack.
What is it? By impersonating the endpoints in an online information exchange (e.g. the connection from your smartphone to a website), a man-in-the-middle (MITM) attacker can obtain information from the end user and the entity he or she is communicating with.
For example, if you are banking online, the MITM would communicate with you by impersonating your bank, and communicate with the bank by impersonating you. They would then receive all of the information transferred between both parties, which could include sensitive data, such as bank accounts and personal information.
How does it work? Normally, a MITM gains access through a non-encrypted wireless access point (i.e. one that doesn’t use WEP, WPA, WPA2 or other security measures). They would then have access to all of the information being transferred between both parties.
What is it? Malware planted on a legitimate website causes a program to be downloaded to a user’s system just by visiting the site. It doesn’t require any type of action by the user to download.
How does it work? Typically, a small snippet of code is downloaded to the user’s system and that code then communicates with another computer to get the rest and download the program. It often exploits vulnerabilities in the user’s operating system or in different programs, such as Java and Adobe.
How can I prevent it? The best way is to make sure all of your operating systems and software programs are up to date. This lowers your risk of vulnerability. Additionally, try to minimise the number of browser add-ons you use as these can be easily compromised. For example, if your computers don’t need the Flash or Java plug-ins, consider uninstalling them.
What is it? A way to infect your computer with malicious code that is downloaded to your system when you click on an affected ad.
How does it work? Cyber attackers upload infected display ads to different sites using an ad network. These ads are then distributed to sites that match certain keywords and search criteria. Once a user clicks on one of these ads, some type of malware will be downloaded. Any website or web publisher can be subjected to malvertising, and many don’t even know they’ve been compromised.
How can I prevent it? The best way to prevent falling victim to malvertising is to use common sense. Any ad that promises wealth, free computers or a cruise to the Bahamas is probably too good to be true, and therefore could be hiding malware. As always, up-to-date software and operating systems are your best first line of defence.
What is it? Malware that masquerades as legitimate and necessary security software that will keep your system safe.
How does it work? Rogue security software designers make pop-up windows and alerts that look legitimate. These alerts advise the user to download security software, agree to terms or update their current system in an effort to stay protected. By clicking “yes” to any of these scenarios, the rogue software is downloaded to the user’s computer.