Cyber attacks continue to cause record levels of disruption. From the 1,209 total data breaches in 2016, over 1.1 billion identities were exposed. With attackers frequently using simple tools and tactics that make a big impact, it’s increasingly important for companies to safeguard their systems and networks from possible attacks. Here are some ways to prevent common cyber attacks.
[You Might Also Like: Infographic – “6 Common Cyber Attacks”]
Typically, malware is introduced to a system through email attachments, software downloads, or operating system vulnerabilities. It infects a machine by tricking users into clicking and/or installing a program that they shouldn’t from the internet. When the click or installation occurs, the malicious code performs actions that the user doesn’t intend, such as blocking access to files, programs, or the entire system.
To prevent malware, avoid clicking on links or downloading attachments from unknown senders. Installing firewalls will also prevent the transfer of large data files over the network to help eliminate attachments that may contain malware. Make sure that your computer’s operating system is up-to-date as software programmers frequently update programs to fix any holes or weak points.
A phishing email includes a link that directs the user to a dummy site that will steal a user’s information, and in some cases, all the user must do is click on the link. These fraudulent emails appear to be sent from legitimate companies, and the link usually directs you to a spoofed website to obtain your personal information.
You can prevent phishing by verifying any requests from companies that come through email over the phone. If the email contains a phone number, do not call that number. Instead, find the number of the company online or within previous, legitimate documentation you have received from that company.
Password attacks do not require any type of malicious code or software to run on the operating system. Attackers will use software on their own system to try and crack your password. A method commonly used by attackers is called a brute force attack which is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN).
Using a strong password is the only way to safeguard against password attacks. It’s best to use a combination of upper and lower case letters, symbols, and numbers, as well as having at least eight characters or more. If an attacker is using a brute force password cracking program, the attacker can typically unlock a password with all lower-case letters in minutes. It’s also not recommended to use words found in the dictionary as this makes the attackers job easier, especially if the attacker is comparing various word combinations against a dictionary file. Changing passwords at regular intervals is also a good practice to decrease your chance of being a victim of a password attack.
Denial of Service (DoS) Attacks
The most common way an attacker executes a DoS attack is through a distributed-denial-of-service (DDoS) attack. This type of attack involves the attacker using multiple computers to send traffic and/or data that will overload the system. Large companies are typically the only companies that may be targeted by an outside group or attacker.
The best way to prevent this type of attack is to keep your system as secure as possible with regular software updates, online security monitoring, and monitoring your data flow to identify any unusual or threatening spikes in traffic. Physically monitoring your connections is also recommended since DoS attacks can be executed by cutting a cable or removing a plug that connects your website’s server to the internet.
“Man in the Middle” (MITM)
A MITM gains access through a non-encrypted wireless access point such as one that doesn’t use WAP, WPA, WPA2, or other security measures. This gives them access to all the information being transferred between parties.
Only use encrypted wireless access points that use WPA security or greater to prevent MITM. If you need to connect to a website, make sure it uses an HTTPS connection. For better security, invest in a virtual private network (VPN).
A drive-by download can be initiated by simply visiting a website or viewing an HTML email. It usually exploits a browser, app, or operating system that is out of date or has a security flaw.
Keeping your operating systems and software programs up-to-date and minimizing the number of browser add-ons you use is the best way to prevent drive-by downloads.
There are many steps that can be taken by businesses to protect their own private information as well as their customer data and prevent cyber attacks. With technology continuing to evolve and attackers becoming increasingly intelligent, it’s important to have measures in place to prevent cyber attacks and to keep your employees educated on cyber security.
To download the Symantec Internet Security Thread Report 2017 click here.