As more and more work is taking place solely online, the importance of keeping information – both personal and professional – secure has grown. From phishing scams to ransomware attacks, everyone must remain cautious and wary when conducting their day-to-day business online.
The first step to your security is understanding what types of threats you should be aware of:
- Adware: Adware is a computer program that installs itself on your computer without your consent. It often displays advertising on your desktop, and redirects your web browser to advertising sites. Once embedded, it can slow down your computer and your internet connection. Adware can be caught by visiting websites with pop-ups that ask you to install a program, ‘click here to win’ sites, or as part of a bundle from legitimate software downloaded from an illegitimate source.
- Denial of Service (DoS) Attack: A DoS attack occurs when hackers artificially increase demand on a service, such as a webpage, to overload the system and knock the page offline. This creates a temporary disruption in service as regular users become unable to access your website.
- Keystroke Logging: Software, or hardware, that is designed to capture what you enter on your keyboard. A system infected with a “keystroke logger” can transmit or capture everything you type to an external device or server, exposing passwords, emails, and other information.
- Malware: Like adware, malware is a program that is installed without your consent and can impact your computer system. Malware often includes ‘scareware’ which creates pop-ups warning you of errors with your system, and prompts you for personal information to fix it. Once in your computer, malware can also completely erase your system, steal information, and take complete control of your computer system.
- Pharming: Pharming involves re-directing users to an illegitimate website that may appear to be legitimate. Something as simple as using .CA instead of .COM could redirect you to a page that seems like the legitimate site, but is actually designed to solicit and steal personal information.
- Phishing: Phishing is a direct effort by a third party to get information from an individual. Often posing as another individual or organization, the phishers will solicit personal information from their targets that they can then exploit, often for financial gain.
- Ransomware: Ransomware is a dangerous type of malware that completely locks down a computer system, or computer network, and demands payment for the lockdown to be removed. Ransomware can be installed when people open attachments included in phishing emails, as well as opening up attachments in website pop-ups.
- Spoofing: Spoofing is when a website or email appears legitimate at first glance. A spoofed email may show a sender name that appears to belong to a known contact or organization, but the message is actually an attempt to solicit information or financial gain.
The second step to security is to ensure you are protecting yourself, and your data, by being proactive. Organizations should have a cyber security plan that ensures that all staff and volunteers, who have access to organization emails and servers, are aware of and following that plan. Most security breaches are caused by human error, so you can reduce your organization’s chances of falling victim to an online threat by making sure staff and volunteers know how to spot them. Ensure that staff and volunteers are:
- Check Web Addresses: Ensure that the address of each website visited is the correct, legitimate one. If certain sites are visited often, encourage staff to rely on bookmarking those pages rather than typing in the address each time.
- Approach Emails With Caution: If you receive an email with an attachment, do not open it immediately. First, verify the sender by making sure the email address matches the known address for that person. Just because the sender's name is correct does not mean the email address is correct or that the message came from them. Second, verify that you were expecting an attachment. If a contact sends you a message with an attachment you weren't expecting, or the language in the email seems 'off', find a way to contact that person directly (a phone call is best) and verify that the attachment was sent.
- Protect Your Systems: Ensure that computers have adequate protection through the installation of anti-virus software, firewall programs, and strong passwords for accounts. Keeping systems up to date is just as important: ensure that your operating system and installed programs are updated regularly with the newest patches. Out-of-date systems and software are easy targets.
- Protect Your Accounts: Encourage regular password changes, the use of strong passwords (strings of letters, numbers and symbols), and password variety across accounts (not using the same password for everything).
- Add Two-Factor Authentication: Two-factor authentication is a process that secures accounts with an extra layer of protection. This can be done by requiring a verification code for each new log-in to an account. Verification codes (PINs) are sent to an associated phone number, email address, or other secondary contact.
- Add Cyber Insurance to Your Policy: Many insurance providers now offer cyber insurance plans to help organizations recover financial losses due to a cyberattack. Cyberattack insurance is relatively new and not always automatic on existing plans. Meet with your insurance provider to discuss available options and what kind of coverage may be right for you.
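The sender check described under "Approach Emails With Caution" and the look-alike address trick described under "Pharming" can both be automated as a first-pass screen. The following is an added example, not code from the original article: it compares the From header of a message against a small, constructed address book of known contacts and returns a list of plain-language warnings. The contact names and addresses (example.ca, example.com) are made up for the example; a real deployment would load the address book from the organization's own directory.

```python
from email.utils import parseaddr

# Constructed address book for the example: display name -> the one address
# we know that contact uses. Names are matched case-insensitively.
KNOWN_CONTACTS = {
    "Jane Doe": "jane.doe@example.ca",
    "Payroll Office": "payroll@example.ca",
}


def _split_domain(addr):
    """Return (full domain, everything before the last dot, suffix after it)."""
    domain = addr.rsplit("@", 1)[-1].lower()
    label, _, suffix = domain.rpartition(".")
    return domain, label, suffix


def check_sender(from_header, known=KNOWN_CONTACTS):
    """Screen a From header against the known-contacts list.

    Returns an empty list when the address is exactly one we already know,
    otherwise a list of warnings a person should read before opening any
    attachment. The checks mirror the article's advice: a familiar display
    name does not vouch for the address, and a domain that differs only in
    its suffix (.com instead of .ca) is a classic look-alike.
    """
    warnings = []
    name, addr = parseaddr(from_header)
    if not addr or "@" not in addr:
        return ["could not parse a sender address from the From header"]

    addr = addr.lower()
    known_by_name = {n.strip().lower(): a.lower() for n, a in known.items()}
    known_addrs = set(known_by_name.values())

    # Exact match with a known address: nothing to flag.
    if addr in known_addrs:
        return []

    # Display name belongs to a known contact but the address is different.
    name_key = name.strip().lower()
    if name_key in known_by_name:
        warnings.append(
            f"display name '{name}' matches a known contact, but the address "
            f"{addr} differs from the known address {known_by_name[name_key]}"
        )

    # Domain is identical to a known domain apart from its suffix.
    domain, label, suffix = _split_domain(addr)
    for known_domain in {a.rsplit("@", 1)[-1] for a in known_addrs}:
        known_label, _, known_suffix = known_domain.rpartition(".")
        if known_domain != domain and label == known_label:
            warnings.append(
                f"domain {domain} differs from the known domain {known_domain} "
                f"only in its suffix (.{suffix} instead of .{known_suffix})"
            )

    # Not known at all: still worth a second look before trusting attachments.
    if not warnings:
        warnings.append(f"sender {addr} is not in the known-contacts list")
    return warnings


if __name__ == "__main__":
    # Constructed sample headers: one genuine, one look-alike, one unknown.
    for header in (
        "Jane Doe <jane.doe@example.ca>",
        "Jane Doe <jane.doe@example.com>",
        "Payroll Office <payroll-office@mail-service.net>",
    ):
        print(header, "->", check_sender(header) or ["ok"])
```

The function only screens; it deliberately does not decide for the reader. A message that produces warnings should still be confirmed with the contact out of band, as the article recommends, and a message that produces none is only as trustworthy as the address book it was checked against.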
These steps are a good entry point to help you and your organization to stay safe online, but you should create an online plan to guide this work and to ensure that all steps work for your organization and meet your needs.
Further Reading:
5 Rules You Should Always Follow to Avoid Getting Scammed Online