Your business could be in jeopardy. Employee PC’s are the most common form of a security breach. It is really easy to trick someone into clicking on a link or opening an email and in return you open the door for cyber criminals potentially giving them access to your business data and even can shut down your entire operation.
Here are the most common threats and what you and your employees can do to avoid them:
1) Phishing: In a phishing scam, usually an email or link is sent via a social network trying to get you to download malware unknowingly or to type in sensitive information. Often times it appears to come from a legitimate source or addressed specifically to you. However, If you look closely something is just not right. Often times there is a spelling error or the address it is from is not the company or individual it appears to be from, but some other odd name with with the actual name in it to sound legitimate. Take steps to recognize and delete suspicious emails.
2) Malware or Scareware: In these types of attacks we unknowingly go to a website, perhaps it came up in a search engine and you clicked on it. Suddenly, a message pops up saying you are infected or your PC has been compromised or you have registry errors and even that your PC has been confiscated by the government! In order to solve the problem you just need to “click here” and magically all the problems will be solved…that is after you give out sensitive information like your credit card because it will only cost $9.95! Unfortunately after you enter your information, nothing happens… there is no fix and actually you just downloaded a virus. A little education can go a long way in teaching your employees how to spot these type of attacks.
3) File Sharing: Everyone likes free stuff! It is really tempting to sign up for a peer to peer network and share files that you would other wise have to pay for like music for example. Unfortunately this too is a very common way for viruses to infect your computer. It opens an door to your computer and therefore your network! It is a good idea to prohibit Peer to Peer networks in the office. Often times they are also illegal.
4) Social Networking: Social networks are becoming more and more popular and even more popular with cyber criminals. The posts you see “Click if you like if you want her dad to quit smoking” or “click like if you want this kitty reunited with her owner” are ways of tricking you to click like. The more likes the post gets the more money they can make. The page might be called something you can relate too, and they post things that you like, then once they get enough followers they sell the page to someone else. There are several examples of links spreading on social networks that are infecting unsuspecting computers. Again, training employees to spot scams and keeping your profile and information private (friends only) are steps in the right direction.
5) Mobile Malware: Now that smart phones and tablets are becoming more and more popular, it is important to note that cyber criminals realize this too. iPhones and iPads are pretty secure because iTunes & the app store really monitors and regulates what is available for download on those types of devices. However, android and no name brand tablets are at risk. There are what appears to be legitimate applications free for download and in fact it is malware in disguise. Do a little research if you are not familiar with an app before you agree to download.
6) Cross-Site Scripting (XSS): Often time we think of security breaches coming from going to illicit or illegal websites and they do, but XSS comes from the smartest cyber criminals hijacking a legitimate website and changing the HTML code to their own malicious code. This lets them at the very least steal your info and it could be very detrimental. Protect yourself by keeping your security programs up to date, disable Java and any other unnecessary features.
7) Drive by Download: This refers to a system vulnerability, usually in your browser that allows viruses and malware to be downloaded automatically and installed on your computer – often times without you even knowing. Ways to protect your self and your PC, make sure your browser is up to date and any applicable security patches installed.
The bottom line? Training and education and regular system maintenance it the best way to protect your employees and your business you worked so hard to build.