You don’t have to be paranoid to believe that your IT infrastructure is vulnerable to attack at any moment -- because it’s true. When it comes to online computing, a fortress mentality will pay you dividends in IT stability and robust protection of services. Because you’re concerned about what might happen, you really want to learn as much as you can about the security risks that your business faces every day. In this article, we discuss four common cyber threats to your business and how you can deal with them.
Malware
Any software that was created with malicious intent could be considered malware. The term comes from the Latin root word mal, which simply means “bad”. Getting malware on your computer is bad news for you and your business. But malware is not a specific program or piece of code. It’s actually a whole class of software that can ruin your day.
A computer virus is perhaps the most common form of malware -- or the one that most often comes to mind. Just as biological viruses infect and spread through human contact, computer viruses infect computer systems and replicate to other devices through the internet. There are so many viruses out in cyberspace now that it’s hard to keep up. That’s the job of antivirus software, which usually doubles as anti-malware software because it deals with other malicious software as well.
Other forms of malware include worms, trojans, spyware, adware, ransomware, botnets, rootkits, and keyloggers. These may be distinguished by how they infiltrate a computer system, what they do once they are there, or what the hacker intends to accomplish. A trojan, for instance, is generally downloaded as an add-on to a legitimate piece of software. Adware displays unwanted advertising through popups and other means. Ransomware attempts to disable a computer and exact money from the user.
Defending against malware requires a multi-pronged strategy. First, try your best to avoid websites that you don’t trust. We all like to surf the web, but we should be careful about what one writer calls “promiscuous browsing”. Even with all the protection in place today, you don’t want to push your luck. Second, make sure that your antivirus or anti-malware software is up-to-date. Bad guys are coming up with new malware every day, you need software that includes prevention or fixes for those hacks. Third, don’t click on links from people you don’t know. And our fourth piece of advice is just a warning: Be careful out there!
Denial of Service
This is an age-old problem that doesn’t want to go away. You may have heard it referred to as denial of service (DoS) or distributed denial of service (DDoS). The purpose of this hack is to flood your server or network with so any requests that it can’t handle all the traffic. When the congestion of data traffic becomes overwhelmed, the network element either stops functioning or is unavailable to other potential users.
DDoS attackers have developed clever ways to carry out their attacks in the 21st century. Botnets are a collective of dispersed network devices that operate according to the instructions of the attacker -- in this case to bombard a target with traffic. These may be timed attacks that are designed in the software (malware) that infects the computers of unsuspecting users.
Combating DDoS has two parts. First, you want to protect your IT infrastructure from attack. Second, you want to make sure that you are not unwittingly a part of someone’s botnet attack yourself. To prevent DDoS, you’ll want to make sure that your defenses include anti-malware software, firewalls, updated security patches, and good security settings. A DDoS protection service will help in both areas by monitoring for abnormal traffic flows in or out of your network.
Man-in-the-Middle
When a hacker is able to get between a user and an internet server, that’s called a man-in-the-middle attack. He may do this by impersonating an online entity and enticing you to either submit sensitive data or execute an action to accomplish his purposes.
Suppose you are in a public cafe and you want to take care of some online banking tasks. You go to the bank’s website, type in your login information, and securely connect to your bank. If the hacker is somehow able to intercept your connection, he may be able to capture your ID and password or hijack your security certificate. Despite continued efforts to prevent these attacks, they are still common.
Some of the methods that hackers use in performing man-in-the-middle attacks include:
- IP spoofing
- HTTPS spoofing
- DNS spoofing
- SSL hijacking
- Wi-Fi eavesdropping
- Stealing browser cookies
One of the best defenses against man-in-the-middle attacks is the use of a virtual private network (VPN). You can get an inexpensive VPN service or application for your laptop or mobile phone. This will lock down your internet traffic when you are on a public Wi-Fi by putting it into an encrypted tunnel.
Phishing
When a hacker wants to catch some private data, he goes phishing. The practice includes putting out bait for unsuspecting users and hoping that they’ll bite. This is often done with emails disguised to look like they come from a legitimate business.
In the example pictured below, as explained on the Berkeley website, there are some telltale signs that the email is a scam. First, the message comes from an email address that definitely does not belong to PayPal. Second, you can see grammar mistakes in the message (e.g., “your informations”). And third, when you do click the link it goes to a totally different website -- not PayPal.
Usually the spam filter in your email service will catch these and file them accordingly. But you must take responsibility and be careful. Remember, a whole host of political emails were hacked prior to the 2016 election because a campaign manager fell for a phishing scam. To avoid phishing, follow this rule: When in doubt, don’t click!
Conclusion
Of course, there are many more threats to your business that we haven’t covered here. If this seems overwhelming, feel free to contact us. There’s no company better positioned to provide Cincinnati IT security services. We specialize in IT services to Cincinnati, Dayton, and surrounding areas. We can help you identify security vulnerabilities and prevent attacks that can devastate your business. And we can educate you and your team on the best practices for IT security. We look forward to hearing from you.