Ransomware, spear phishing, exploit kits. These are
just a few of the threats targeting one of the most vulnerable links in any
cybersecurity architecture – the unaware human. Security software and tools can
help to mitigate even this risk, but without at least basic security awareness
it is difficult to avoid all the pitfalls.
However, European Cyber Security Month offers a great opportunity to
remind people of some of the practices that can keep malicious actors at bay
and show that following even a few simple rules can help decrease the
cybersecurity risks.
Ransomware
The best way to stay safe from this type of data-encrypting and money-extorting malware is to regularly
back up all your sensitive information and use a regularly updated security
suite that protects your device on multiple levels.
However, ransomware operators are creative and
often try to circumvent protective measures by convincing users to run infected
executables. To achieve their fraudulent aims they often send communications
pretending to be a tracking notification from a delivery company (such as
FedEx), a banking email, or an ‘intriguing message’.
Making users aware of this technique lowers the
probability that they will open or click on any unknown or suspicious email
attachments (e.g. with a double extension such as “.PDF.EXE”), links or files. In
this way, the risk of infection can be decreased.
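User awareness can be backed by an automated check at the mail gateway or on the helpdesk side. The following is an added example, not part of the original article: it parses an email and flags attachments whose name ends in a document-style extension followed by an executable one, as in “.PDF.EXE”. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for illustration; tune them to your own mail policy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}


def is_double_extension(filename: str) -> bool:
    """True when a document-looking extension is followed by an executable one."""
    # Compare case-insensitively and drop trailing dots and spaces,
    # which Windows ignores when resolving the file name.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 3:  # need at least: stem, decoy extension, real extension
        return False
    return "." + parts[-1] in EXEC_EXTS and "." + parts[-2] in DECOY_EXTS


def suspicious_attachments(raw_message: str) -> list[str]:
    """Return the file names of attachments that use a double extension."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    names = (part.get_filename() for part in msg.iter_attachments())
    return [n for n in names if n and is_double_extension(n)]


def build_sample() -> str:
    """Constructed sample: a fake delivery notice with two attachments."""
    msg = EmailMessage()
    msg["From"] = "tracking@delivery.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Your parcel tracking notification"
    msg.set_content("See the attached tracking details.")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="Tracking_Label.PDF.EXE")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="terms.v2.pdf")
    return msg.as_string()


if __name__ == "__main__":
    for name in suspicious_attachments(build_sample()):
        print("Quarantine candidate:", name)
```

A legitimate name with several dots, such as “terms.v2.pdf”, is not flagged because its final extension is not executable.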
Excessive use of shared network folders can also
contribute to the spread of ransomware infections. Having a common drive might
be convenient for data sharing, but if not limited correctly, it can offer a
channel for malware to target other devices connected to the same network and
encrypt their contents as well. As well as limiting privileges for individual
network members, users should also be trained not to use such spaces for
storing sensitive, valuable or irreplaceable files.
Phishing
Here is the most common phishing scenario: you
receive an email with the logo of your bank or PayPal at the top. It asks you
politely to check the settings of your account and, via the link provided,
provide your credentials and further information. But it is not your bank that
will receive your personal details – it will be the cybercriminals behind this
attack.
Authorities in the
UK receive a report about an attack like this every five or six minutes.
This translates into an astonishing 96,000 attempted attacks every year in just
one country of the EU. It is important to note that this method works
regardless of the operating system or platform that victims use on their
devices, as cybercriminals only need your inbox to get to you.
Without training, many people are likely to fall
for the scam. But by being aware of how phishing works, any ‘weird’ email that your best friend,
boss or even ‘bank’ sends you can be verified. And honestly, in a world where almost two-thirds of the global population have a mobile
phone, it only takes a short call or an SMS message to check the authenticity
of such a message.
Exploit kits
A cyber infection can be just one click away. Some
malicious websites contain exploit kits that are designed to scan your device
for vulnerabilities. If the kit discovers one, it will exploit it and
upload malicious code onto your computer or mobile phone, often with
destructive consequences.
There is one simple rule that can help: never go on
a clicking spree. If you receive an offer that sounds too good to be true, it
probably is. Also, not every piece of funny or otherwise interesting content is worth
the click. Make sure you know where your browser will take you next and avoid
any suspicious sites that you don’t recognize.
This approach is easy enough, but it cannot provide
you with the level of security of an updated and reliable security suite, one
that is able to identify and block dangerous websites and navigate your clicks
to a safer location.