If your phone gets wet, dry it out safely in a bowl of rice
Smart phones and water are a terrible combination – as anyone who has gotten a little too unlucky in a bathroom can tell you. But whether you’ve dropped your phone into a toilet, splashed it while washing the dishes, or been caught out in a rain storm, the internet has a quick, simply solution to save your device: put it in rice.
The general idea behind this advice is that the rice will absorb the water, drawing it out of your phone before it can damage the circuitry. Rice is very absorbent after all, so it’s easy to see why this myth would gain popularity in a “just common sense” kind of thinking.
Sadly putting your phone in rice doesn’t help, and in some cases may even make the situation worse. Rice is dusty, and leaving your phone in rice can introduce small particles that can further damage the electronics. It’s also not any better or faster at drying your phone than a warm room.
The real danger to a drenched phone is not the water, but electricity. While no phone is fully waterproof, most are water resistant – so if you turn your phone off immediately you might be able to salvage it by getting it dried professionally.
Leaving your laptop plugged in all the time will lower your battery life
Verdict: It’s complicated
There’s no worse way to start a work day than sitting down at your desk and opening up your laptop only to find the battery is flat! It’s this fear that drives many of us to leave our laptops plugged in whenever it’s on our desk, and this action has led to a very common myth: leaving your laptop plugged in all the time will lower the battery life.
No one wants to ruin their expensive devices, and surely it’s better safe than sorry, so following this myth feels a bit of a no-brainer. Leaving your laptop on charge might be more convenient, but is it really worth the risk?
Well actually, it’s a bit more complicated that the myth would have you believe. Firstly – the capacity of a battery goes down over time, no matter what you do. This means that after a while, your laptop battery will “die” and you’ll need to get a new one. Certain things will make your battery capacity degrade faster, and leaving you laptop on charge all the time might be one of those things.
However, leaving your laptop plugged in may make it worse. If you use you laptop when it is on charge, the battery will drop below 100% and immediately start charging again – essentially running multiple charge cycles while you work.
This is why many vendors such as Apple, HP and Asus recommend keeping your battery at 50-80% of charge, and have tools which will let you set your laptop to only charge to 80/90% full. Alternatively, if you are constantly using your laptop, taking it off charge at 100% and placing it back on charge when you are done is completely safe.
If you leave your laptop open, people can access your webcam to spy into your room
With video conferencing becoming such a huge part of the modern workday, many people have begun using the webcams in their laptops for the first time ever. Even if you’re new to webcams though, you may have already heard the myth of people hacking into your webcam and being able to “spy” into your room.
Luckily there is a quick and easy way to stop this hack in its tracks: turn off your laptop. The webcam cannot be activated while the laptop is off, so rather than leaving your laptop is rest or sleep mode, close the lid and power down!
For extra security while using your laptop, another method is to simply cover the webcam. You can find specific hardware for this task (some laptops even have built in covers), but a small piece of tape or cloth will achieve the same result and still be easily removed when you need to jump on a conference call.
What internet myths have you heard?
That’s 4 common internet myths put to the test, but it’s far from an exhaustive list. Have you heard these myths before? Were you surprised at our results? What other internet myths have you heard? Share your thoughts with us and join the conversation over at facebook.com/upgradetorise.
Another key component was structuring the event so that there was always something for attendees to be doing – after all, you can’t just have everyone in your office trying to talk over each other in the one zoom call!
Segmenting the event into smaller groups that people could move between, or organizing activities and games to keep people interacting, were great ways to keep spirits high and everyone having fun.
Lastly, just because the event itself is held virtually, doesn’t mean that everything needs to be online-only. Sending out small gift bags to attendees is a great way to add a little extra to your event, and adds a nice physical touch to an otherwise wholly digital event.
Our tips for virtual Christmas parties:
Sending party packs to people working remotely
Holding the event during work hours / at a suitable time for people working from different time zones
Segment your event into multiple parts, so that people can pick and choose which ones they attend
2021 – mixing it up with online and in-person office parties
This year brings a new wrinkle. After settling into the “new normal” of all-virtual events, we have the opportunity to actually hold in-person events! The widespread rollout of vaccines and the easing of restrictions means that many offices are open once more.
However, not everyone is racing back to the office, and rather than a return to the “old normal” of pre-covid life, we find ourselves in a mix of old and new – in person and virtual working environments.
In such a situation, maintaining strong office culture is paramount in keeping both employee morale and productivity high. So how do you make your in-office and remote workers feel like part of the same team? At this time of year, there’s no better opportunity than the office Christmas party.
The first option is to simply hold a traditional, in-person event and invite your remote employees as well as in-office workers. Unlike the usual office party though, it would be best to hold this event outside the office. Remote workers might feel out of place if you have the party at the office, and in-office workers who are more comfortable with the environment might stay together in their own clique rather than mingling.
Holding the event outside the office in a neutral space promotes inter-team mingling, and helps ensure everyone is comfortable. It’s also a great way to make sure you have enough space for everyone if your office still faces restrictions on the number of people you can have in the building!
The second option is to have a mixed in-office and virtual event. This is a bit trickier to coordinate, and relies on many of the concepts we looked at previously to be successful. However, it may also lead to a higher turnout amongst remote employees compared to a fully in-person event.
A good idea for mixed events is to bring in a guest speaker or party host to run the event. This person can help keep the party running smoothly, and better interact with both in-office and remote attendees throughout the event so no-one feels left out.
Our tips for mixed Christmas parties:
Hold the event in a neutral space if going all in-person
Use a party host to keep everyone interacting throughout the event
Keep your in-person attendees gathered in one area so that remote attendees can feel involved and part of the team
2022 – the end of virtual events?
With all this said and done, what will the future hold for office Christmas parties? Will we still be having virtual events and connecting with our co-workers via a zoom call at the end of 2022? Or will we be back to in-person partying only?
It’s hard to know what the future holds, especially in these (still) unprecedented times. All we know is that it’s always a good idea to be prepared for anything that might happen. Maybe the world will return to the old ways or maybe it won’t, but you need to be prepared to adapt and seize the opportunities that the new year brings.
Whether it’s running your office, your own business or a virtual Christmas party, the best way to ensure success is a strong internet connection. With no data caps, no slow downs and 24/7 technical support, RISE enterprise internet plans keep your in-office and remote teams connected 100%. Find out more at rise.ph/enterprise and make the connection today.
This is the fundamental flaw with being simply “transparent” about how you share data. If you know your users won’t take the time to understand what you are doing, it doesn’t really matter how open you are about it. That’s why it’s important for digital services to also follow the next two principles:
Sometimes also referred to as Purpose Limitation, the principle of Legitimate Purpose refers to the idea that any data collected or shared by an online service should only be done for a clear and specific purpose that is beneficial to the user.
Basically, organisations should only collect user data for a specific purpose, clearly state what that purpose is, and only retain data for as long as necessary to complete that purpose.
This may sound like a limiting factor, but many online services are set up to extract as much data as possible under the guise of providing the “best-possible” service to users. Take our Google search example from above – is it necessary to share your location, what device you are using in order to complete a simple search?
Obviously not, however by using this information Google can provide a search result that is more specific to you: whether that’s using your location to show businesses near you, your previous search history to show you a more specific result to a generic question, or to make sure the sites shown will all display correctly on your device.
The third principle of Data Privacy is Proportionality – the idea that any data collected should be limited to the smallest amount of data required to complete the service. Also known as Data Minimisation, this principle is mainly concerned with reducing the amount of data lost in a potential breach, and limiting the chance that incorrect data is collected.
Proportional data collection covers the amount of personal data collected, including the extent of processing involved, the period of their storage, and their accessibility. Keeping data collected restricted to only what is proportional to the service helps to limit what data is shared to only what is expected by the user.
While a Google search may provide better results when your previous search history data is present, can the same be said about sending an email? Imagine receiving an email from your coworker that included all the websites they had visited that day!
Should I be worried about my data?
The expectation of privacy from regular internet users, and the legal and political issues that arise from that expectation, are why Data Privacy is such an important topic. Many countries around the world have created their own Data Privacy laws, including the Data Privacy Act in the Philippines. These laws help to codify the principles of Data Privacy, and ensure safe and secure internet services for all.
With that said, you should always be careful about what you share about yourself online. When asked to provide information by a web service, make sure that the data requested is actually required to complete the service you want. Even when using email or social media sites, think about what information you post – if the worst should happen, would you want to share this with a complete stranger?
In the coming weeks we will be examining Data Privacy and the steps you can take to better protect yourself and your data online.
While this sounds ridiculous, Moore’s Law ended up being too conservative. Prior to the turn of the millennium, the number of transistors in modern computer chips often doubled faster than every 2 years! In the last 20 years, technology has advanced beyond what anyone could have ever anticipated, and now you have billions of transistors inside every device you own.
This exponential advancement is not just limited to computer chips either – all technology is constantly evolving and adapting to provide new and better services, along with more connections and more access to these services.
As an Internet Service Provider, RISE matches this constant technological advancement by regularly updating (and upgrading) our network infrastructure.
Improve network performance
Possibly the most obvious reason to upgrade your network infrastructure is to improve the performance of the network. As new technology is generally faster and more reliable, it’s a good idea to keep an eye on new products entering the market and how they can be deployed within our existing network. This kind of upgrade can enable higher service speeds for our customers, and reduce failover and recovery times when there is an incident like a fiber break.
These performance improvements in both speed and reliability allow RISE to remain competitive and provide world-class internet services to all our customers. We strive to always provide the best internet experience to businesses in the Philippines, and keeping our infrastructure upgraded regularly is a key factor in achieving that goal.
Reduce the chance of failure
If you want to limit the amount of maintenance you need to perform on your network, you need to keep it up-to-date. Regular upgrades to both the software and hardware of a network is a great way to minimise the time spent on maintenance.
Like most things in the physical world, it is common for network infrastructure to fail in a pattern that reliability engineers describe as a “bathtub curve” – referring to a high failure rate early in the lifespan of the product, low in the middle, and high again at the end of their life.
You may have noticed this yourself when purchasing electronics – they will tend to fail either soon after you purchase them, or late in their life. We make sure to “soak test” all devices (running them without production traffic) before deployment to help reduce the risk of these early failures, and then towards the end of life, we upgrade and replace.
With software on core network devices, the conversation is more complex. The newest versions of software often introduce bugs that were not present in older releases, and our engineers must balance “latest and greatest” with “old and faithful.”
It is crucial in these cases to ensure firstly that there are no known security vulnerabilities in your software, and then secondarily to balance new features and the benefits they provide vs. the potential for new bugs.
Once the decision is made to deploy new software, we test, test, test and then deploy slowly (maybe only one, low impact device at first) to make sure we maintain a high level of reliability for our customers.
Improve network security
In the movies, cyber criminals like hackers are often portrayed as geniuses who can learn to compromise any system within seconds. In the real world, it takes time for these criminals to get their hands on the tech and find the weaknesses.
This means that the longer a piece of technology has been on the market, the more likely it is that hackers have found a way to exploit that tech. Using outdated applications and equipment creates network vulnerabilities that could bring down your network or even your entire organization.
Upgrading network infrastructure cuts this problem off before it can even become an issue. Updates are constantly made to tighten the security on the components that comprise a network, adding in new security features and keeping hackers from becoming too familiar with the systems in place.
Connect to new locations
An often overlooked but critical benefit of upgrading your infrastructure is being able to connect with other providers and expand the network into new areas. In the past, it was often the case for individual ISP’s to be using different technology that had difficulties connecting with other networks.
In the modern age, most networks have upgraded their technology to be similar enough that they can easily interconnect with other providers, improving the scalability of all networks (how fast and how far you can expand) and creating a more stable, capable and reliable network for all users.
How RISE are upgrading our networks
In our mission to accelerate the internet in the Philippines, RISE are constantly looking to upgrade and expand our network infrastructure. In the last year, we’ve focused on upgrading the capacity of our network to improve the business internet experience of Filipinos, as well as connecting with more uplink providers to increase network stability and reliability.
These activities have been matched by our greater fiber infrastructure rollout, expanding our network into a greater coverage area and connecting more buildings. On top of this, we’ve also upgraded all our core service offerings to provide higher speeds for our enterprise plans.
At the centre of this agenda are the 17 Sustainable Development Goals (SDGs), which form an urgent call to action for all countries in a global partnership towards ending poverty, improving health and education, reducing inequality, and growing economies while successfully managing climate change and working to preserve our natural environments.
What role does the internet have in these goals?
The three pillars of the SDGs are social, economic, and environmental, and the internet plays a vital role in the success of all these goals. Along with being it’s own goal, reliable internet access provides the platform on which local governments can engage with their communities to grow grass roots support, develop programs, and take action.
While the SDGs were negotiated back in 2015, they were still written with a clear understanding of the importance of internet access to their success. The recent pandemic has underscored how fundamental the internet has become to people’s lives and livelihoods.
Health, education, economic growth, gender equality, food production – all can be improved with universal internet access. The SDGs can combine the efforts of citizens, companies and governments to push for universal internet access as a central pillar of efforts to build back better.
Social Goals and Connecting Communities
The first of the three pillars for Sustainable Development is Social – combining several goals that focus on improving the quality of life for individuals and their local communities. This includes reducing poverty rates, improving access to health and medical services, eliminating hunger, and building sustainable and resilient cities.
The internet meets these goals head on, directly providing and expanding access to education and resources on a global level. It was also able to connect previously isolated healthcare professionals to their counterparts globally.
Reliable internet access allows for key success in these goals by connecting individuals to their communities both locally and globally. Strong internet also betters the planning and logistics of community development, giving people a voice in how their cities are built and what services can be provided to the area.
Along with adapting to the changing conditions of the pandemic, the internet is also a major driver in technological innovation and entrepreneurship. Businesses are able to create more sustainable operations through automation, and new businesses that take advantage of emerging technology are starting up everyday.
Whether it’s a natural wonder of the world like the Amazon rainforest or simply the nature strip on your home street, protecting the environment is a core pillar of sustainable development. When it comes to advocating for sustainable environmental policy and action, no tool has been more important to empowering the people than the internet.
The internet is a fantastic resource both for environmental education and activism, as developers can quickly find relevant information and standards for sustainable development early in the planning process. Likewise, the internet can be used to monitor, provide updates, and regulate this development.
Beyond preserving nature, the environmental goals of the SDGs are concerned with sustainable agriculture – providing a framework for safe, eco-friendly farming practices. Farming technology has received a particular benefit here, as high-speed internet services have unlocked automation for a broad range of food production, while web-based apps allow everyone to run their own market garden operation.
Reliable internet access is just as important as any internet access. Everyday internet tasks like online learning, working or shopping become very difficult (if not impossible) when your connection isn’t strong enough, or you can’t afford enough data, or your family shares a single device.
The internet plays a crucial role in achieving the goals of sustainable development. By working hard to improve the reliability and performance of all internet providers in the Philippines, and by improving access to internet services with equal opportunities for networks and users, RISE are doing our part in helping to meet the targets of the 2030 Sustainable Development.
Access to the private data of businesses is very valuable, even a basic email account can be worth a lot to hackers. With access to someone’s email account you can take control of their bank details or steal business information, or simply use the “legitimate” address to send out spam and other phishing attacks.
Hackers are always coming up with new ways to gain access to your data, and so you need to stay in front of them. By updating your password regularly, you can reduce the risk that other people have consistent use of your accounts, and can remove access from anyone who shouldn’t be there.
Use multiple passwords to protect against breaches
It is always better to be proactive than reactive when it comes to changing your password, as you don’t always know when one of your accounts has been breached. In many cases, it can be quite difficult to figure out if someone else is using your account!
If you use the same password on multiple accounts across multiple sites, then if any one of those accounts is exposed, all of your accounts are exposed. The easiest way to better protect yourself from this risk is to use a different password for each account.
This way if one of your accounts is breached, you don’t give the hacker access to everything. You may need to close or sanitize your twitter account, but you don’t have to completely purge your entire digital life.
How to make a strong password
Now that you are updating your password regularly and using a unique password for each service, you need to make sure that you are creating strong passwords. A strong password is one that is easy to remember and difficult for hackers (and hacking software) to guess.
Quantity is often more important than quality when it comes to making a strong password – a long password of all lowercase letters is far stronger than a short password with special characters! Shorter passwords are typically easier to guess, especially ones that include common phrases like 12345, qwerty or the always popular “password”.
Combining 4 to 5 words to form a memorable pass-phrase is a good start, especially if you use numbers, symbols or misspelled words to make it more unique. Make sure it’s not identifiable to you specifically, that means no personal information such as names or birthdays (or birth years).
Combining all these concepts we can make a strong password that looks like this:
These words have no relation to each other, and the use of capital letters and exclamation marks makes it difficult for hacking software to simply guess combinations of words.
Password apps can make staying safe easy
The biggest problem with using multiple strong passwords is remembering them all. If you need a different password for every account you use, and all of them have to be updated regularly, and all of them have to be unique, it can be quite difficult to remember which password goes with which service.
The worst thing a person can do is write down all their passwords, either on a note next to their computer or in an unsecured text file. Having all your passwords collected in one place (especially if you do this on a work computer) makes it much easier for hackers to steal, and all your hard work creating strong passwords goes out the window.
Password manager apps can be a great help in this regard – storing all your passwords in a secured location that makes it easy for you to access your services and hard for hackers to breach.
Most modern devices and web browsers even have built-in password management tools that you can access fairly seamlessly. However, for extra peace of mind or for advanced management tools, you can look at specific apps like Dashlane, Bitwarden or LastPass. The advantage of using a specific service or app like this is that they are normally available across both your web browser and your phone.
Before we look into how to protect yourself, let’s quickly recap on what malware is and how it spreads. Malware or malicious software is any kind of software that is designed to harm a computer. While there are many different forms of malware, all of it can be identified by its malicious intent.
Hackers use malware in order to gain access to systems, expose private data and hold businesses to ransom. While some attacks are targeted at specific persons or companies, many types of malware are sent out as spam to as many people as possible – hoping that even one might be successful.
How does malware spread?
There is no definitive list of how malware can spread as new attacks are being thought up every day. However, there are common methods that many types of malware will use and these all involve common internet activities like:
Clicking on pop-up windows
Opening attachments or clicking links in emails
So how do you use the internet safely when malware can spread via almost everything you are likely to do online? While you can never be 100% safe, there are some practical steps you can take to improve your security and limit your exposure to threats.
Keep your computer and software updated
Cybersecurity is a constant battle, where hackers try to find new exploits and vulnerabilities in software and security professionals try to patch them up.
Known exploits for old software are often shared by hacking groups, making people still using this software more likely to be targeted.
By keeping your computer and software updated, you can stay ahead of the hackers and limit the vulnerabilities in your system.
Use a non-administrator account where possible
Many systems, including your computer’s operating system, allow you to create multiple accounts. An administrator account has access to everything, including installing new software, whereas non-administrator accounts have more limited access.
Sometimes your computer needs additional powers to complete a task like installing software. In these cases, it will prompt you for the details of an administrator account.
Before entering these details, be certain that the computer is performing a task at your request – are you installing software from a known-good source? If so, then it is likely OK to proceed. If you didn’t do anything to trigger this prompt for administrator details, you may wish to deny the request – malware can also ask for permission to install itself!
Using a non-administrator account for your day-to-day computer use can make it more difficult for malware to be installed onto your computer and if you do get attacked, the hackers will also only have limited access to your system.
Think twice before clicking on links or downloading anything
As we saw above, clicking on unknown links and downloading unknown files is a common way for malware to spread. By being cautious about what things you click on, you can reduce your exposure to malware.
However, you have to click on things at some point in order to use the internet – so how do you know what’s safe to click on and what’s not? Many browsers have built-in measures to stop you from visiting known-bad links. They will provide you with warnings, but as this environment changes so rapidly they cannot stop everything. Other signifiers of “less than reliable” sites can be things like poor grammar and overly intrusive advertising (like pop-up windows.)
Links (both on webpages and in emails) can be particularly sneaky by using domain names that look a lot like a reputable site. Instead of “mybank.com.ph” they might use “mybankph.co” or even “mybаnk.com.ph” which looks almost indistinguishable from the original “mybank.com.ph” but uses a Cyrillic “а” instead of the standard Latin “a.” You could be forgiven for finding this confusing – the characters are identical (or very close) in most fonts, but to a computer they are different.
The important takeaway from this, is for important links like your banking and financial requirements, never click a link in an email – type it yourself into the address bar of your browser.
Be careful about opening attachments from emails
Just like clicking on links, opening attachments from unknown email addresses is an easy way to expose yourself to malware. Always check the “from” field in your email browser, and if you don’t know the address, don’t open any attachments or click on any links.
That said, email is an inherently insecure medium of communication, so even checking the “from” field can’t protect you in all cases – it’s possible for malicious parties to “spoof” this address and impersonate another user you know.
In a sophisticated attack, these emails may even address you by name (it’s particularly easy to gather your name from most corporate email addresses which are of the format [email protected]) so you need to be wary.
Before opening an attachment, ask yourself:
Were you expecting an attachment from this person?
Did the email use the same kind of language you would expect from the sender?
Did they explain what they were sending and why?
All of these questions can help you determine how risky the file is.
This type of attack is also common on social media, where they can create a fake account and make it look like a real business. So be careful opening attachments or clicking links on these sites too.
Don’t trust pop-up windows that ask you to download software
While using the internet, some sites may show pop-up windows that ask you to download software. If you did not take a specific action to initiate such a pop-up (such as clicking to download software from a legitimate business), it is likely that this pop-up is malware.
This is especially the case if the popup is trying to scare you into taking an action, such as telling you your computer is infected or that you are in trouble. Don’t fall for this trick – simply close the popup (or browser if you have to) and avoid clicking inside anywhere within the popup window.
These scare tactics are also common in email and social media attacks like the ones mentioned above – keep your eyes open and don’t be caught off guard!
Limit file sharing
Some sites allow you to quickly and easily share files with other users. Often, these sites offer no or little protection from malware, and malicious software can be disguised as or bundled in with legitimate files for songs, games, movies or programs. Always download your software from reputable websites.
Use strong passwords and don’t reuse passwords
Passwords are how we limit access to our private accounts across the internet. If you use the same password on multiple accounts across multiple sites, then if any one of those accounts is exposed, all of your accounts are exposed.
The easiest way to better protect yourself from this risk is to use a different password for each account, and to use strong passwords. It may seem impossible to remember all these long, unique passwords, but that is why many experts now recommend the use of a password manager.
A password manager stores all these complex passwords for you, and can even generate long unique passwords automatically, to ensure maximum security. You just need to remember one good password – the one to unlock your password manager.
What makes a good password though? Contrary to popular belief, just adding some special characters like “%” to a password does not inherently make it strong. The key aspect of modern password security is making them long – 12 characters or more.
A strong password:
Is long, often using 4 or 5 words to form a memorable pass-phrase
Uses numbers, symbols or misspellings to make it more unique
Doesn’t contain any personal information such names or birthdays / birth years
Avoids common phrases such as 12345, qwerty or a single word
Worst still, it is very possible that your data is already exposed – hundreds of companies are targeted every year by hackers trying to discover vulnerabilities in their systems. Large social network sites such as Facebook and LinkedIn have had leaks* totalling over 580 million accounts, while in 2013 Target had a POS compromise, exposing 40 million credit card numbers.
*A data “leak” is what happens after someone exploits a vulnerability and posts the data. A hacker searches for a vulnerability so they can exfiltrate the data, then either hold it to ransom or leak it.
How much could a malware attack cost me?
There is a lot of value in any hack, depending on the scale of the attack. Even gaining access to a single email address can be valuable to a hacker, as this can allow them to utilise the account to send spam or phishing emails from a more “legitimate” address, as well as gain access to any private information that requires that email address to perform a password reset.
In recent times, ransomware has become the most common type of attack, accounting for over 50% of all hacks. Rather than leak data, this type of malware is designed to shutdown operations and hold your company hostage unless you pay the hackers.
Even when companies can avoid paying the ransom, the direct price of being hacked can be much larger. Lawsuits following major breaches can add up into the hundreds of millions. Uber was fined $148 million for ignoring a breach of their user data, while Equifax settled for $700 million following their breach.
Malware attacks can have other costs to your business, including:
The most common type of ransomware attacks are designed to lock up your business operations and prevent you from running normally. The cost in lost productivity is closely tied with how quickly the attack is discovered – faster detection limits the spread of the infection as well as the time spent in remediation with the hacker.
Along with this lost productivity, an attack that stops your business from operating also incurs downtime costs – how long does it take you to return to normal operations? Businesses can limit their downtime costs by having secure and up-to-date backups of their data, allowing them to quickly get back up and running following an attack.
Impact on Clients
Malware attacks don’t just impact your business, they also impact other companies and people who you do business with. At best, having your own operations compromised adversely affects the relationship between your business and your clients, at worst the infection can spread from your company to theirs.
Damage to Your Brand or Reputation
The cost of damage to your businesses reputation can be hard to quantify, but its effects can definitely be felt. Customers and clients have become far more sensitive to cybersecurity threats, and a business that has been exposed to ransomware is not one that many will trust in the modern age.
Ransomware can have a huge impact on your business, from direct cost to flow on effects upon your customers and clients. That is why it is so important to maintain strong cybersecurity and information security practices.
In the third article in this series, we will look further into how you can keep yourself, your data and your business safe from malware attacks.
Phishing relies on tapping into the routine operations of your business and how employees respond to specific situations. By being aware of how hackers can exploit these operations and situations, you can better defend against their attacks.
Phishing is by far the most common approach, and is where the hacker pretends to be someone else via email or phone in order to get you to divulge sensitive information or allow the hacker access to a system.
Hackers are always changing their specific tactics, but there are some common warning signs of phishing attacks to watch out for. For phishing emails, these include:
The from email addresses in email is misspelt / incorrect
HTML attachments / unclear or suspicious links
No personalised information about you (emails that address you as “Dear Customer…”)
Fear is also a very common tactic for hackers, and they will often try to scare you into following their requests by mimicking account deactivation emails, warnings from officials like police or tax officers, or even threaten firing by pretending to be your boss.
While phishing attacks over email are very common, any channel can be used by hackers. You can avoid phishing over email, phone, social media – even macros in word and excel documents – by following a few simple steps:
Don’t click on links or open attachments unless you are expecting them (and only from known contacts)
If there’s a link in the email (for example to your bank), instead of clicking on the link, open a new browser and go to the website directly as you normally would (ie: by searching for your bank in google)
While phishing happens primarily in the digital space, there are a few other common social engineering attacks to keep watch for that happen in the real world. Keep watch for the following around your place of business:
Tailgating is trying to gain physical access to an area by following someone else – literally walking through the door they opened.
This can also be achieved by pretending to be a delivery man carrying in heavy boxes, or by wearing a fake uniform like a janitor, so that an employee of the business will open the door for you.
Waterholding is where a hacker will attend the same physical places as other workers, such as restaurants or bars that the team frequent, in order to overhear important information or learn specific details about the business (such as work patterns, names of employees, or even what uniforms they wear).
This information then lets them better pose as another employee or business partner in order to run their other hacking attempts.
Waterholding is not limited to the real world, and it can be quite common for hackers to join public groups, forums or social media pages of their target businesses as well.
Baiting is the modern form of bribery – giving people gifts or rewards in order to gain information or have the person make a particular action.
The main difference between baiting and bribery is that the person being bribed knows a trade is happening, whereas a person being baited may have no knowledge that they have been victim of an attack.
An example of this may be receiving an email from a fancy restaurant or nightclub offering free meals – just click the link below to claim now! However, when you click the link, you also download malware onto your computer, giving a hacker remote access to your machine and potentially exposing the entire network!
Once a hacker has access, they can install and run malware – malicious software designed specifically to cause damage or disrupt a computer, server, client or network.
Malware can take on many forms, and you may be aware of some of these types of already:
Bots / zombies
Protecting your computer and your network from malware is fairly straightforward, and there are several steps you can take to improve your security.
Install antivirus software and keep it up to date
Don’t open attachments from unknown sources
Keep applications and OS up to date
Turn off office macros and don’t bypass security warnings
While these measures are a strong start to keeping your computer safe from malware, the best protection is to avoid malware altogether. By utilising safe browsing techniques, you can greatly reduce your chances of being exposed to malware.
Learn to use incognito and private tabs
If you are using a modern browser to access the internet, you are probably familiar with incognito and private tabs. These are tabs that are more “secure” than normal tabs and windows, because they do not share data and credentials with non-private tabs.
This makes incognito and private tabs a great option for secure activities like banking. Make sure you exit out of your incognito tabs though – as while they can’t share data with non-private tabs they can share data and credentials between other private tabs.
Check for HTTP vs HTTPS
HTTP (or hypertext transfer protocol) is how the internet transmits web pages. Over the last couple years, a more secure version of this protocol has been developed, called HTTPS.
A site using HTTPS typically has a padlock icon in the top left corner of your browser, and indicates the site is encrypted so that no one else can see your data.
However, hackers can also use HTTPS on their own sites, so having the padlock is no longer a guarantee of safety. You should definitely still check though, and when in doubt – back out!
Remember that this padlock icon is only used on websites – it has no meaning at all in emails or on social media. If you see a padlock icon in an email or social media post, it could be a phishing attempt.
Be careful on social media
Social media can also be used to run phishing attacks or launch malware. Be careful in what you share online (especially as it relates to your business), as hackers can use this information to pose as employees or find email addresses to target.
Online identities on social media are easy to fabricate, so don’t trust messages or posts from people who you don’t know, and don’t communicate business matters over non-corporate channels.
Conclusion – Protecting Your Information
Information security practices are a great first step in protecting yourself and your business online. It can be daunting to learn about phishing and malware attacks, but being aware of these threats is the best way to avoid falling victim to them.
Be proactive about your information security and don’t be afraid to ask for assistance! Report suspicious activity to your IT team or reach out to cyber security experts and keep your business – and yourself – safe online.