It’s officially unofficial. We’re living in the Cyber Wild West, and there’s no way you’re getting out.
But since you’re here (and not going anywhere), it’s important to understand your enemy, build up your defenses, and protect yourself.
Let’s take a quick look at two of the most popular, most dangerous, and most successful cyber threats in the cyberverse.
Phishing: A business nightmare
Phishing is a nightmare the business world can’t seem to shake. But similar to Krueger’s razor-like gloves, this nightmare is all too real.
“It might have been around for almost twenty years, but phishing remains a threat for two reasons — it’s simple to carry out — even by one-person operations — and it works, because there’s still plenty of people on the internet who aren’t aware of the threats they face. And even the most sophisticated users can be caught out from time to time.” — ZDNet
What is phishing?
Phishing is a cyber threat that leverages email to spread malware. It’s highly successful for multiple reasons.
- It’s easy to reach users. A victim doesn’t have to visit an infected website. All they need to do is open their inbox.
- It’s easy to manipulate users. Cyber criminals can do baseline research on an individual and trick them into releasing sensitive information or downloading a malicious document.
- It’s easy to create urgency. For some reason, people respond differently to exclamation points and red text inside an email. If cyber criminals can string the right words together, they can create a sense of urgency and rush users into making poor online decisions.
How can you avoid phishing?
Sometimes, it’s easy to spot a phishing attack. Other times, not so much. Because of this, it’s important to know what to look for and how to respond to a potential phishing attack. Here’s what you should know.
- Don’t download anything from strangers. Attachments can do a lot of harm. Make sure you trust the sender before you decide to download anything.
- Don’t click links unless you know where they’ll take you. You can hover over a link to make sure its address takes you to the right place. And if all else fails, get there by another means. For example, if your bank asks you to log into your account, type your bank’s website into the browser, then sign in.
- Don’t forget to double-check the sender. Whether it’s your insurance provider or a coworker, always double-check the spelling of the sender’s email address. Cyber criminals will try to trick you by copying a familiar email address — but this will usually be off by a letter or two. For example, email@example.com isn’t the same thing as firstname.lastname@example.org.
- Don’t rush into something. Ignore the exclamation points and sense of urgency. Take your time and follow internal processes. Just because someone claims a payment is late doesn’t mean it is.
- Don’t forget to reach out to IT support. Sometimes cyber criminals will send the same malicious email to multiple people. Reach out to IT support or management and ask them to notify others of the attack. This way, you can reduce the potential for a successful attack.
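The sender and link checks from the list above can also be automated in a mail filter or triage script. The following is an added example, not part of the original article; the allow-list, the sample message and all function names are assumptions made for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("bank.example", "insurer.example")  # constructed allow-list
# Constructed sample: a sender one letter off, and a link whose text hides its target.
SAMPLE_FROM = "Your Bank <alerts@bamk.example>"
SAMPLE_HTML = ('<a href="http://bank.example.signin.test/">www.bank.example</a> '
               '<a href="https://www.bank.example/help">www.bank.example/help</a>')

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(from_header, max_distance=2):
    """Trusted domain the sender is 'off by a letter or two' from, else None."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in TRUSTED:
        return None  # exact match is the genuine domain
    return next((t for t in TRUSTED if edit_distance(domain, t) <= max_distance), None)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a href>
    def __init__(self, html_body):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
        self.feed(html_body)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data if self._href else ""
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):
    return urlparse(url if "//" in url else "//" + url).hostname

def mismatched_links(html_body):
    """Links whose visible text names a different host than the real target."""
    return [(text, href) for href, text in LinkCollector(html_body).links
            if "." in text and " " not in text  # visible text looks like a URL
            and host(text) not in (None, host(href))]
```

A hit from either function is a reason to hold the message for review, not proof of phishing; the distance threshold and allow-list need tuning to your own correspondents.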
Ransomware: A greedy stranger
Once upon a time, criminals kidnapped people. These days, they’re kidnapping data. Better or worse? We’ll let you be the judge of that.
“Out of 5,700 computers infected with the malware in a single day, about three percent of victims appeared to shell out for the ransom. At an average of $200 per victim, Symantec estimated that the attackers hauled in at least $34,000 that day. Extrapolating from this, they would have earned more than $394,000 in a month.” — Wired
What is ransomware?
Ransomware is a cyber threat that kidnaps your data and holds it for ransom. You can pick up ransomware from a website that contains malvertising (an ad infected with malware) or from an email that contains malicious content. But why is this threat so successful? Let’s take a quick look.
- Ransomware uses phishing. And we already covered how popular that particular cyber threat is. If a criminal decides to combine phishing with ransomware, you better watch out.
- Ransomware keeps its word. That’s right. If you pay the ransom, you’re most likely going to get your data back. Part of the reason ransomware is so successful is that people know that if they pay the fee, they’ll get their data back almost immediately. And it’s better to pay to get your data back than to try to operate without it.
- Ransomware is hard to get rid of. Once you’re infected with ransomware and your data is encrypted, there’s not much an IT company can do for you. With this particular threat, it’s all about prevention. If you’re reacting, then you’re paying.
How can you avoid ransomware?
Ransomware is tricky, and companies large and small have fallen victim to this ruthless cyber threat. However, the more you know about ransomware, the more likely it is you can protect your data from it. Here’s what you need to know.
- Remember what we said about phishing. Ransomware is all about those malicious emails. Be on the lookout for emails that spread malware, and you’ll steer clear of ransomware.
- Remember those malicious ads. Malvertising is no walk in the park either. Ads get the best of everyone. Plus, how many times have you accidentally clicked an online ad? The online world is rough — ads can make it rougher. Avoid ads that are too good to be true, ads that look even a little bit suspicious, and ads that may lead to a dark part of the web.
- Remember those updates. Ransomware typically exploits a known vulnerability within your system or software — vulnerabilities that can usually be patched up with an update. So the next time your computer asks you to update something, do it.
- Remember to back up your data. Even if you follow these tips and ransomware somehow makes it into your system, all is not lost yet. With a comprehensive backup solution, you can restore your kidnapped data quickly — no ransom or decryption code necessary.
Phishing and ransomware — that’s only just the beginning. In fact, if we’re going to talk cyber threats, then we need to talk internal threats. Employees — whether on purpose or by accident — can be the straw that broke the camel’s back. To learn why, take a look at 5 ways to keep your employees more cyber aware.