Here are The Top 5 Cyber-Threats to Your Computer Network and Personal Information
Trust us when we say, hackers are thinking about you this summer! Our field engineers and service managers are trained to think like hackers and cyber criminals. There are new threats to manage daily, so it makes sense to follow our lead where security is concerned.
Cyber-attacks are unquestionably on the rise. At NexusTek, our clients are routinely informed of the potential risks to their IT environment:
1. Brute force attacks
Systems that try to guess your password and gain access to the network.
2. Computer viruses and spyware
Symantec estimates that cybercrime victims worldwide lose around $388 billion each year (estimated monetary and lost time cited in Cyber Warfare by Paul Rosenzweig), while a McAfee study put cybercrime profits at an estimated $600 billion a year.
3. Top viruses and spyware of 2015:
- Ransomware – encrypts all files a user has access to on a network. Attacks of late are sport names such as CryptoWall, CryptoLocker, and VirRansom to name a few. These malicious attacks leave your data completely encrypted and unusable, giving you the options of paying a ransom (as much as $600 or more) or restoring from backup and potentially losing information. On June 23, 2015, the FBI issued this alert to the public addressing the CryptoWall threat.
- TDSS – steals username, password, and credit card data
- Win32/FakeSysDef – fake antivirus, spyware, and PC Tuning program
4. Unsupported operating systems
Windows XP reached its end-of-support-life in April 2014. Windows Server 2003 reached its end-of-support-life in July, 2015. Utilizing these legacy operating systems needlessly creates risk for your network.
5. Email Phishing Scams
Emails designed to steal financial information from unsuspecting users.
Don’t Be a Victim – Take Proactive Measures to Protect your Data, your Employees, and your Business:
Enforce Network Password Policies – Mitigate Brute Force Attacks
- Complex Password – Three unique type of characters
- Minimum Length – 8 or more characters
- Maximum Age – 90 days
- Lock Out Account – 3-5 failed attempts
- New research indicates that longer passwords are harder to crack than complex passwords. Using passphrases versus a password strengthens security
- Enforce two-factor authentication (for example, using both a password and text message to gain access)
- Updates (not to be confused with upgrades) are designed to help your system evolve with the current environment and fix bugs that are inevitable when integrating complex systems
- Ensure you run only fully supported operating systems to ensure security update vigilance by the publisher (for example, Microsoft)
- Ensure your antivirus is turned on, up-to-date, properly installed, and monitored*
- Managed, multi-tier security platforms protect against viruses, spyware, compromised websites, and intrusions
- Email is the most common point of entry for viruses, ransomware, and phishing attacks
- Using a spam/malware filtering service makes it harder for evildoers to cause problems
- Firewalls create an environment that is difficult to penetrate by would-be criminals. If it takes too much work to penetrate, your system will not be the top of the target list for hackers
- Test your firewall quarterly using a reputable security company that can perform a penetration test
- Review your backup/continuity strategy to minimize downtime in case of an attack
- Ensure your backup process is working and completely successful. Regular test data restores are imperative! *
- Monitoring in real-time is necessary due to the evolution of the hacker. They have morphed from the IT genius alone in his basement with a lot of time on his hands to well-organized entities with strategy and staff focused on making money. *
Your Staff is the Target
1. Train employees not to open attachments from people they don’t know and refer all suspicious messages to trained IT experts for evaluation.
2. If practical, disallow the use of personal email while at work. Security is compromised due to the variety of email services offered and inability to control the content of these emails.
3. Double-check all messages regarding financial matters: go to the bank/institution website directly; do not click on provided email links.
- Verify all wire transfer requests with a phone call or another two-factor (described previously) authentication mechanism
- Hackers frequently target CFO and accounting departments of public companies. The most common practice is requesting wire transfers through email
4. Create complex, hard-to-guess passwords (better yet, require this through system policies!):
- Mix numbers and letters, and symbols in passwords. Don’t use pet names, family names, etc. Long passwords of complete gibberish using mixed characters are the best
- Use an unusual phrase instead of just a word, and replace letters with numbers or vice versa
5. Notify IT support of any unusual programs on your computer, or if your computer is warning you about disk issues, performance problems, etc.
6. Discourage users from keeping personal data on business computers, and ensure they save all work files to a network location that is backed up and monitored.
If you have questions about IT security or how NexusTek can help your IT work for you, contact us or call 303-773-6464