Company IT Security: Tools & Training to Put in Place

There’s no question that in today’s online world you need to make sure that your company knows how to keep its information secure. Aside from headline issues like corporate espionage, there are always issues with hackers, malware, or simply having information leaked that shouldn’t be brought up outside the company. While modern company information security can seem a little bit overwhelming to some people, breaking it down into a few important steps can make the difference.

Emphasize Proper Password Use

This is a huge issue. Not only should there be some serious password protection to get into any part of your website or hosting, but each employee should have his own password to get into their mail, web account, or anything else where sensitive information might be stored online.

There should be a password for each step, and these different passwords need to follow certain safety precautions:

  • The passwords should not be the same
  • Every password should have letters, numbers, a capital letter, and special characters
  • Longer is better for passwords
  • Never record passwords online

Corporate Email Spam Filters

Having high quality spam filters are required to prevent phishing emails from coming through. There are many online tools for malware, hackers, and other troublemakers to get information they shouldn’t have or the ability to screw up a company’s system. A powerful spam filter is critical to minimizing the potential for this, and this needs to be paired with training for individuals.

Training for Dealing with Spam or “Strange” Inbound Calls

A chain is only as effective as its weakest link. Some spam is going to slip through and there are always chances of phone calls from strange or blocked numbers where someone tries to break through security through an employee or by manipulating an employee for that matter.

The best way to handle this is by making security training part of the initial orientation for inbound calls. Make sure each of your employees knows what information should never be released and how to handle reporting when a potential strange call or spam phishing attempt takes place.

You need to have solid protocols in place on how to deal with these situations and then train your employees to do just that. A little bit of upfront effort can help keep your information secure and clear policies help make sure that it stays and works for all .

Shredding of Documents

Sometimes the old school way of doing things is simply the best way to go. Shredding documents that you don’t want getting out and making it a practice for all papers to be shredded before being collected and thrown away can ensure that no important information is gathered via hastily written notes or other non official papers. There are so many ways where information can leak out and a few shredders are a good way to make sure it doesn’t happen out of carelessness.

If you follow these tips and rely on improving the procedures considering all the upcoming scenarios at stake, information security for your company will never be a serious obstacle again.

Signs & indicators of a cyber attack

How do you prepare for a cyber security threat? One good way is to make sure you know what the signs are so when one happens you don’t ignore it. Anyone who uses the Internet for business or personal purposes is most likely to be attacked.

Loading Speed

Do you notice that your computer is having trouble connecting online because everything seems to be loading slowly? If you happen to know that your computer is usually faster and nobody in the network is doing anything like gaming or movie streaming, it could be an attack of some kind. A lot of attacks can be easily traced if you keep an eye on the network traffic as you will see that tons of different IPs keep trying to connect or are online when in fact you know there are less people working through that network connection. A good way to prevent attacks like this is to have strong passwords in your network and to make sure that you keep an eye on traffic to see if anything misleads.

Suspicious Questions

Threats to cyber security can exist among people who work for you or live in your home. Either way, if you ever see emails that ask for your password or if you receive phone calls that seek that kind of information, never answer them. You should get in touch with the company’s help desk, if someone calls you from there, to see if the call was really valid. Also, if you are online and someone asks you a question like what the first street you live on was, that’s probably a trap.

Limit your Info

cyber attack indicatorsSocial media is where people give out a lot of info. You can learn a lot about people and if you have too much information online you could be in trouble. For example, if your bank account’s security question is “what was the first school you went to?”, someone could find it if you list all the schools you attended at before. There are also people who collect information in creative ways, such as initiating a game where you get a name based on your first pet’s name and street name you grew up on. Don’t take part in such games – they are actually collecting security questions.

Know when to get HELP

Are you noticing different problems with your computers lately that never used to happen before? Programs that abruptly close, not having regular updates requests and not-working antivirus programs can mean that something is fishy. Antivirus program should run on a regular schedule since someone could just easily be tracking what you do in your computers. There are also things like ransomware where the virus asks you to pay for it to go away, and if you do they will only probably steal more from your accounts. Go get a professional help right away if this happens to you.

Cyber security threat awareness matters if you use or plan to use the Internet. You can use this information to help you know the signs and indicators of an attack that is about to happen, you can take preventive steps to resolve it before it crashes a significant part of your life.

countermeasures during a cyber attack

Any computer that is exposed on the internet is prone to hackers, especially if the owner is neither careful nor familiar with cyber attacks. Whether you carry some sensitive information of the company you work for, or you just use computer from home, you need to be secure. I’ll be discussing some of the most effective countermeasures you should do in order to win over a cyber attack.

Hire IT Professionals

Try to hire an IT staff or IT security team to have them working at your company since most of the attacks can be prevented by keeping a watchful eye on your network. When someone tries to get into the network, they probably will buy time especially if they don’t have the password. That attempt is easy to trace and stop, especially if they use a range of IPs which a professional can just block in seconds until the attempt crashes. Of course, there’s more to it than that usual activity, which is why a professional who is familiar with networks should be preferred.

Restrict Data and Internet Access

An attack can come from a lot of sources, so be prepared to deal with all of them with proper hardware protections in place. Don’t let new employees access whatever they want, your IT person can set up accounts that can give restrictions. Make sure you have filters for the Internet if you have to deal with people downloading what they shouldn’t. You also need to make sure that you keep everything that’s important, let’s say a hard drive or a server that’s private and keep it locked up and/or at least covered by CCTV cameras.

The Right Antivirus

How can you ensure that you’re using the right antivirus or anti-spyware to keep your computers safe? It is a top priority to have your software updated on a regular basis. Sometimes there are actual scenarios you can expect when your computers seem to have problems. For instance, there may be a program that is constantly running and slowing down everything, if you can avoid that it would be better that way. Also see to it that your antivirus does its scanning on websites and files you work with from time to time.

The Right Peopleware

countermeasures during a cyber attack- the right peoplewareWill you have people that know all the information about you and your company or staff? You need to train everyone especially with the kind of questions that needs no answer if they are called or asked by anyone (an outsider in particular). New employees need to be screened carefully so that you don’t hire a spy who can steal information and just leave. There are really good hackers out there who can socially engineer a situation to end up having your data. Humans are considered the biggest part of IT security because it’s easier to trick someone than to hack a system with proper security in place.

You can set preparations to make sure it’s less likely to have a cyber attack. However, since hackers just keep getting better, no matter what you do, with your computer online, there’s always a chance you could be attacked. This is why it’s always good to know what to do or who to contact when cyber attacks take place. We all have to be extra careful with our activities online and extra wiser than hackers. Know the security protocols and coordinate suspicious scenarios accordingly.

6 most common cyber security threats

The internet has given us so many great things – it’s made the world smaller, it’s allowed us to do business with virtually anyone on the planet, and it’s broken down many of the barriers that used to exist with communication.

However there’s a much darker side to the internet, and I’m not talking about seedy adult content sites. I’m talking about cyber security – a very real and growing threat to everyone. It’s not only big businesses at risk, but also small to medium businesses, and even individuals at home.

In this article I’m going to share the 6 most common cyber security risks you can face today. After all, awareness is the first step to prevention!

Common Cyber Security Threat #1: Phishing

Phishing, which is a homophone of fishing, is a high-tech fraud that uses email, IM or other communication channels to deceive you into disclosing personal, company and/or financial info such as account IDs, passwords, and credit card details or account credentials. The attacker usually disguises as a person from a position of authority or reputable company.

The message that a victim receives may appear to have been sent by a familiar contact or organization. The enclosed links or any attachment in the message may install malware on a victim’s device or direct him to a suspicious website set up where he is tricked to provide confidential information.

Nowadays, high-end cyber criminals rely mostly on phishing as it is much easier to trick someone into clicking a malicious link in a polished email than to break through a computer’s security. They can now quickly identify the nature of the messages that goes viral even in Facebook – breaking news stories whether true or fictional. This is what they use as phishing “hooks“. Phishing campaigns are also rampant on the holidays.

Common Cyber Security Threat #2: Malware

6 most common cyber security threats - malwareMalware is a short term for “malicious software” which is considered very annoying and harmful to your computer. This is a software which was made to secretly access a device without the knowledge of the user. It is said that this began as a prank but gone are the days when teenage pranksters created malware for this purpose.

Malware has evolved a lot up to this day, and has even been known for its various types depending on the intent of the software creator. In fact, some were named depending on its purpose – spyware and phishing which are both used to steal information, adware which is a forced advertising, ransomware which is used for extortion, a spam for spreading email, worms, trojan horses, viruses, rootkits and browser hijackers.

Malware, just like any other viruses, gets access to your device via email and the internet, game demos, music files, free subscriptions or just anything you download from the web.  One symptom you may notice, if in case yours got infected by malware, is when your computer starts to frequently crash and slows down in its performance.

Common Cyber Security Threat #3: Insider Threat

An insider threat refers to a hacker who happens to be an employee of an organization, agency or a business. It can also apply to an outsider who poses as an employee by having fake credentials. The person or the hacker who does the crime is also known as a cracker or a black hat. This threat typically happens in 4 stages:

  1. The cracker gets access to the network or system.
  2. Thorough investigation on how the system or network works in order to learn where the sensitive points are and where the most damage can be applied to easily.
  3. The workstation setup.
  4. Actual disastrous activity takes place.

Insider threats are displeased or angry employees or ex-employees who believe that the business has ruined their lives and revenge is the only thing that will make them feel justified. We have actually seen this type of story in some power cast Hollywood action movies where the villain usually makes an exemplary plan to make the vengeance possible.

The damage would take many forms such as ushering in of viruses (worms or trojan horses), stealing of confidential info or money, corrupting or erasing pertinent data, altering data for false evidence or just to produce inconvenience, and stealing of the IDs of some individuals in the company.

Common Cyber Security Threat #4: Denial of Service (DOS)

DoS or the Denial of Service is a cyber threat wherein the intruder attempts to block legitimate users from their access to information and services online.  The attacker usually targets your computer and its network connection, and sometimes targets the network connection and system of the sites you are trying to use. This can prevent you from using email, online accounts like banking etc., websites or other services that is connected to the affected system.

Typing a URL of the site on your web browser means sending a request to the site’s network for an access. Whilst the computer network can only grant certain number of requests at a time, it can result to a denial of your request once the DoS attacks since it usually floods the network with information.  The attacker sends massive messages asking the network or server to authenticate requests that contain invalid return addresses. The server will not be able to locate the return address of the attacker upon replying for the authentication approval, so it still has to wait before it can close the connection. Once it closes the connection, the attacker again sends more messages, and the process keeps the server busy.

The same goes with your email when DoS starts to send spam messages, it tries to use up the maximum memory of your email storage, which leaves no space in memory and not receiving legitimate emails and messages. There are different ways on how DoS attacks, but below are the basic ones:

  • Flooding the network with information preventing legitimate traffic
  • Interrupting connection of two computers which prevents access to a service
  • Blocking a particular user from accessing a service
  • Disrupting a service to a specific user
  • Ruining the state of information like resetting the TCP sessions

Although it doesn’t involve stealing of money and information, ID theft and such, it can still put your time and money in an inconvenient state when dealing with ineffective and inaccessible services due to massive network traffic and connection interference.

Common Cyber Security Threat #5: Spam

Spam is generally considered to be electronic junk mail which intends to flood the internet with the same message in huge number of copies. Spam tries to force the message on internet users who would not otherwise prefer to receive it.  The term can also be associated with unsolicited or unwanted emails. Spam contains mostly of commercial advertising, suspicious products, money schemes and etc..

Spam does not only waste your time but also consumes most part of your network bandwidth which can give you poor net performance.

Common Cyber Security Threat #6: Keystroke Logging

Keystroke Logging is a process of monitoring every keystroke a user presses on a keyboard. It uses a device or a program which is commonly called a keystroke logger or a keylogger (short term). As a hardware device, it appears as a small plug that connects keyboard and computer. This type of device collects every keystroke and saves it as a plain text in its own tiny hard drive. It should be physically removed in order to access the information gathered. As a small program, it can be downloaded to monitor a specific activity on a computer. It can also be a spyware or a part of a RAT (rootkit or remote administration Trojan horse). The keylogger program, in the same manner, records each keystroke and uploads the information over the internet.

6 most common cyber security threats-keyloggerThese programs are promoted for parents in monitoring their children’s activity on the internet and allowed for employers to put an eye on their employees during working hours. However, as these can be embedded in spyware, your information such as passwords, PIN, banking and personal information can also be transmitted to an unknown third party. This makes it unsafe and one of the cyber threats you need to be aware of.

Wrapping Up

We are living in a digital world and most of our important information are being transferred online. It only means that all of us are prone to meeting one of the above most commonly known cyber threats.

The best advice: be very careful in opening email attachments and be mindful when surfing the internet. You may want to be cautious about suspicious websites you may open or may be asked to be directed to. Make sure you install and update a quality antivirus program.  If you run an organization, there is no harm in finding a quality managed services firm who can help you, like Seccom Global, Australian cyber security company. Lastly, never try to use public computers when you need to access your personal or financial information online.

It might save you a huge headache in your busy and active life.