We would all like to believe the internet is safe – that everyone browsing the world wide web has good intentions and acts in our best interest. Unfortunately there is no denying that criminals are also online – trying to make money (and trouble) with little regard for the welfare of others.
In the previous articles of this series, we looked at how information security has become more important than ever, and how malware attacks can cost your business. Today we examine the main ways you can keep yourself safe and protect your business from malware.
What is Malware?
Before we look into how to protect yourself, let’s quickly recap on what malware is and how it spreads. Malware or malicious software is any kind of software that is designed to harm a computer. While there are many different forms of malware, all of it can be identified by its malicious intent.
Hackers use malware in order to gain access to systems, expose private data and hold businesses to ransom. While some attacks are targeted at specific persons or companies, many types of malware are sent out as spam to as many people as possible – hoping that even one might be successful.
How does malware spread?
There is no definitive list of how malware can spread as new attacks are being thought up every day. However, there are common methods that many types of malware will use and these all involve common internet activities like:
- Downloading software
- Visiting websites
- Clicking on pop-up windows
- Opening attachments or clicking links in emails
So how do you use the internet safely when malware can spread via almost everything you are likely to do online? While you can never be 100% safe, there are some practical steps you can take to improve your security and limit your exposure to threats.
Keep your computer and software updated
Cybersecurity is a constant battle, where hackers try to find new exploits and vulnerabilities in software and security professionals try to patch them up.
Known exploits for old software are often shared by hacking groups, making people still using this software more likely to be targeted.
By keeping your computer and software updated, you can stay ahead of the hackers and limit the vulnerabilities in your system.
Use a non-administrator account where possible
Many systems, including your computer’s operating system, allow you to create multiple accounts. An administrator account has access to everything, including installing new software, whereas non-administrator accounts have more limited access.
Sometimes your computer needs additional powers to complete a task like installing software. In these cases, it will prompt you for the details of an administrator account.
Before entering these details, be certain that the computer is performing a task at your request – are you installing software from a known-good source? If so, then it is likely OK to proceed. If you didn’t do anything to trigger this prompt for administrator details, you may wish to deny the request – malware can also ask for permission to install itself!
Using a non-administrator account for your day-to-day computer use can make it more difficult for malware to be installed onto your computer and if you do get attacked, the hackers will also only have limited access to your system.
Think twice before clicking on links or downloading anything
As we saw above, clicking on unknown links and downloading unknown files is a common way for malware to spread. By being cautious about what things you click on, you can reduce your exposure to malware.
However, you have to click on things at some point in order to use the internet – so how do you know what’s safe to click on and what’s not? Many browsers have built-in measures to stop you from visiting known-bad links. They will provide you with warnings, but as this environment changes so rapidly they cannot stop everything. Other signifiers of “less than reliable” sites can be things like poor grammar and overly intrusive advertising (like pop-up windows.)
Links (both on webpages and in emails) can be particularly sneaky by using domain names that look a lot like a reputable site. Instead of “mybank.com.ph” they might use “mybankph.co” or even “mybаnk.com.ph” which looks almost indistinguishable from the original “mybank.com.ph” but uses a Cyrillic “а” instead of the standard Latin “a.” You could be forgiven for finding this confusing – the characters are identical (or very close) in most fonts, but to a computer they are different.
The important takeaway from this, is for important links like your banking and financial requirements, never click a link in an email – type it yourself into the address bar of your browser.
Be careful about opening attachments from emails
Just like clicking on links, opening attachments from unknown email addresses is an easy way to expose yourself to malware. Always check the “from” field in your email browser, and if you don’t know the address, don’t open any attachments or click on any links.
That said, email is an inherently insecure medium of communication, so even checking the “from” field can’t protect you in all cases – it’s possible for malicious parties to “spoof” this address and impersonate another user you know.
In a sophisticated attack, these emails may even address you by name (it’s particularly easy to gather your name from most corporate email addresses which are of the format [email protected]) so you need to be wary.
Before opening an attachment, ask yourself:
- Were you expecting an attachment from this person?
- Did the email use the same kind of language you would expect from the sender?
- Did they explain what they were sending and why?
All of these questions can help you determine how risky the file is.
This type of attack is also common on social media, where they can create a fake account and make it look like a real business. So be careful opening attachments or clicking links on these sites too.
Don’t trust pop-up windows that ask you to download software
While using the internet, some sites may show pop-up windows that ask you to download software. If you did not take a specific action to initiate such a pop-up (such as clicking to download software from a legitimate business), it is likely that this pop-up is malware.
This is especially the case if the popup is trying to scare you into taking an action, such as telling you your computer is infected or that you are in trouble. Don’t fall for this trick – simply close the popup (or browser if you have to) and avoid clicking inside anywhere within the popup window.
These scare tactics are also common in email and social media attacks like the ones mentioned above – keep your eyes open and don’t be caught off guard!
Limit file sharing
Some sites allow you to quickly and easily share files with other users. Often, these sites offer no or little protection from malware, and malicious software can be disguised as or bundled in with legitimate files for songs, games, movies or programs. Always download your software from reputable websites.
Use strong passwords and don’t reuse passwords
Passwords are how we limit access to our private accounts across the internet. If you use the same password on multiple accounts across multiple sites, then if any one of those accounts is exposed, all of your accounts are exposed.
The easiest way to better protect yourself from this risk is to use a different password for each account, and to use strong passwords. It may seem impossible to remember all these long, unique passwords, but that is why many experts now recommend the use of a password manager.
A password manager stores all these complex passwords for you, and can even generate long unique passwords automatically, to ensure maximum security. You just need to remember one good password – the one to unlock your password manager.
What makes a good password though? Contrary to popular belief, just adding some special characters like “%” to a password does not inherently make it strong. The key aspect of modern password security is making them long – 12 characters or more.
A strong password:
- Is long, often using 4 or 5 words to form a memorable pass-phrase
- Uses numbers, symbols or misspellings to make it more unique
- Doesn’t contain any personal information such names or birthdays / birth years
- Avoids common phrases such as 12345, qwerty or a single word