Cyber Security attacks dominated the news in 2014 involving Home Depot, Sony, Target, and JPMorgan Chase along with the various vulnerabilities that rattled I.T. departments such as the OpenSSL Heartbleed, SSL 3.0 Poodle, and Shellshock to name a few. We mostly hear about these larger scale attacks because they impact big business, but this trend is slowly changing as cybercriminals are finding it easier to attack small businesses. In the past, attackers had the tendency to follow the big money as the financial payoff is greater, but with the explosion of Internet connected devices and online related purchases cybercrime is becoming much more prevalent in today’s society targeting the average Joe. With that being said, the purpose of our article is to point out some of the security threats that will emerge in 2015 and what we can do to stop them.
Before we jump in we want to say this: People are the weakest link when it comes to allowing security issues into our networks. So our advice and request is that we educate ourselves, peers, friends, boss(s), etc. about this topic so we can prevent a disaster from striking. Trust us, no one wants to get hit with some sort of security vulnerability and create a monster I.T. issue. These issues are time consuming and expensive – especially if a crucial deadline is unexpectedly delayed.
Security threats to be aware of and avoid in 2015:
•Malicious messages that really look like the real thing. Cybercriminals trick victims with messages that appear to be legitimate. These criminals have built advanced “toolkits” that help them create realistic looking messages and malware that can be essentially pointed at let’s say your bank and it scrapes all the logos, language, and everything making it look real so when you get the email without hesitation you will login giving them your password. If you’re unsure about an email, call your bank and verify the validity of the message.
•Ransomware that holds your data hostage. Hopefully you didn’t experience the infamous Cryptolocker. In the past, this would typically only happen on your PC, but now it’s happening on servers, cloud services, and smart phones. If you ever experience a program requesting that you pay to unlock your data immediately contact your I.T. department. Do not pay anything and hopefully you have a backup of your data so you can restore to a previous point in time.
•Point of sale attacks like the one that hit Target which affected more than 40 million people are on the rise even though industry professionals are upgrading equipment to the chip-and-pin technology. The problem with these is it’s hard to inoculate yourself from these attacks unless you go away from using a credit or debit card altogether. There is ways to help with this situation which you can read more about below.
•Mobile threats are an attractive target due to the plethora of personal information as people are buying more and more things online with a smart phone. We recommend not purchasing over public WiFi and running the latest versions of your mobile operating system. You can even purchase Antivirus for your smart phone.
•Small businesses not having a “Bring Your Own Device” (BYOD) policy in place coupled with the lack of employee awareness in regards to social engineering attacks is a very high concern. Social media services typically ask for permission to access your personal information and even your contact list sometimes which as you know can expose many risks.
Advice to improve security in 2015:
•Make sure your I.T. department regularly reviews your systems and advises decision makers on ways to stay secure.
•Buy cyber liability insurance.
•Perform backups on all of your computers and servers every 24 hours at minimum.
•Protect all computers and servers with Antivirus and Antimalware software. We recommend AVG and Malwarebytes.
•Protect inbound/outbound email with a 3rd party security service.
•Protect your office and home office networks with Cisco or WatchGuard firewalls.
•Change all system passwords at least every 90-120 days.
•Use a complex password. The key to a strong password is length and complexity. For example, the password should be at minimum of 8 characters, have numbers, capital letters, symbols, and not a word in the dictionary.
•Don’t allow anyone to plug in external USB drives into your computers. We recommend disabling storage devices from functioning when connecting them to a USB port and only allowing this when authorized.
•Disable all un-used ports on your firewall, servers, and computers. For example, if you are not using email or FTP then turn off SMTP port 25 and FTP port 21.
•Do not purchase anything what-so-ever on public WiFi connections.
•Enable BitLocker on your PC so if it gets stolen the data cannot be extracted.
•Monitor credit/debit card statements closely and flag charges that look suspicious. Alternatively, you can use one credit card primarily for retail purchases and move small amounts of money to this card before shopping. That way if a retail vendor’s network is breached and your bank suddenly decides to cancel your card, you won’t be dead in the water until your new card is issued which can takes weeks sometimes.