Tech Tips

Cybersecurity

Posted on by Pioneer Solutions

What is Cybersecurity?

Cybersecurity is the practice of protecting a computer system or network from information or data theft along with disruption and damage to hardware and software. This is becoming more and more necessary due to an increase in cybercrime. There are many types of cybercrimes and many ways to prevent yourself from being a victim. Some of the types of cybercrime are a Distributed Denial-of-Service (DDoS) attack, Eavesdropping, Phishing, Malware, SQL Injection and a Man-in-the-middle (MITM) attack.

Types of attacks and possible motives of hackers

Distributed Denial-of-Service Attack (DDoS) is when a hacker tries to shut down a machine or network by possibly sending it fake server requests leaving no bandwidth for legitimate traffic.

Motives:

  • It can just be hackers that are having fun or showing off their skills
  • It could be an ex-employee wanting revenge at an organisation

Eavesdropping is when someone may try to listen to your conversation or watch you type a password in. This could be anyone around you including an employee from work or even a stranger who has been near you.

Motives:

  • By finding sensitive details about you they may just try to log in to something through your account
  • They may use the data to obtain money from a bank
  • It could even be used to monitor your activities
  • They may want your information to disguise themselves as you

Phishing is when a hacker tries to collect any sensitive data or personal information from you be sending an email, message or any form of contact. They disguise it to look like it has been sent by a legitimate company. By doing so it will trick the user into inputting requested data through a malicious link or downloading a malicious programme/ software.

Motives:

  • They may want your information to disguise themselves as you
  • It may be to log onto somewhere using your credentials
  • Could be used to blackmail a user into giving money

Malware is a malicious software such as spyware, ransomware, viruses and worms. Malware reaches through a vulnerability in the network. Normally in the form of a dangerous link or email attachment that then installs an unsafe software. Once it is in the system it can block access to the key components of the network, install additional harmful software and obtain information by transmitting data from the hard drive.

Motives:

  • The main motive is to get money

SQL injection occurs when a hacker inserts malicious code into a server to force the server to reveal sensitive information.

Motives:

  • They can hold your data for ransom
  • They may use it to hide data you may have
  • As a way of exposing an untruthful/ corrupt organisation

A Man-in-the-middle Attack is when attackers place themselves in a transaction between two parties. They then interrupt the traffic and filter or even steal data. This mainly happens when using insecure public Wi-Fi.

Motives:

  • Steal sensitive information

How to implement Cybersecurity

Protect yourself with a Firewall

Thisis a security device which monitors and filters incoming and outgoing network traffic based on the organisation’s policies. There are many types of firewalls, including hardware and software firewalls.

Staff Awareness Training

This is increasingly common in workplaces. Expanding your knowledge, and that of your peers, about the methods and risks ensure staff always remain vigilant, preventing themselves from being vulnerable or at fault of an attack.

Penetration & Network Testing

This is when a white hat hacker is employed to identify any weaknesses within a network.

Review Password Policies

Ensuring your passwords are strong (conforming to a certain length and complexity) makes it harder for a hacker to crack or guess.

Passwords should be saved in a secure vault or “password keeper”. They should never be stored in an Excel workbook or Word document named “PASSWORDS”. Surprisingly, this is a common mistake made by a lot of small organisations.

Misplacement

Do not leave USB memory stick’s lying around, especially if they contain sensitive data and are unencrypted, as they could be stolen and easily read.

Unpatched or outdated software

Unpatched operating systems (including the operating system your mobile phone!) and outdated software applications are less secure and more vulnerable to an attack. Devices should be patched and monitored regularly.

Encryption

Encryption makes it harder for hackers to understand or read your data. Operating systems provide an easy way to encrypt your disk – BitLocker on Windows, or FileVault on Mac OS ensures your disk is always encrypted in case it is ever lost or stolen. Word and Excel files containing sensitive information should be password protected using the Protect Document feature.

Overall, there are many ways to keep yourself safe from online predators and one method of protection is sometimes not enough. A hacker can always find a way in to acquire what they need, but as we see the progression in cyber threats increasing, being cautious on the internet is essential to decrease your chance of being a victim. Even the smallest things such as checking for the ‘padlock’ on a website to see if it is secure or checking for spelling mistakes in what you think is a phishing email can aid you.

For more tips and advice, or to book a Cybersecurity consultancy, please contact us.