Cyber-Security 101

Cyber-Security is defined as:

“The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.”

Cyber-Security impacts all of us when we go online, use our mobile device or our tablets, or even when we use a cloud-based services. We all interact with various products and tools designed to protect our credentials and personal information when we go on-line. It is critical for everyone to understand cyber-security and our role in staying safe while being connected to the internet to minimize the chances of a “security incident”.

Cyber-Security focuses on protecting our mobile devices such as smart phones or tablets, our computers, the networks, programs and data from unauthorized access or manipulation. By understanding cyber-security, we take the first step in protecting ourselves, our families and our organizations.

How Does Cyber-Security Impact My Life?

In order to protect yourself, your family, and your organization against the many threats online, it is important for you to understand these types of threats and attacks (see below).

A threat is what might happen; and an attack is the execution of a given threat. Cyber attacks target users to gain access to their personal information for identity theft or intellectual property (IP) theft.

Hackers have many tools they use to perform identity theft or IP theft. You need to be aware of the different ways hackers attempt to steal data. Skilled, determined hackers can break, enter, and succeed within minutes. Other times, they spend days or weeks establishing back doors and fortifying their positions inside your network. Some of the ways hackers steal your information are:

• Phishing Scams - Email phishing is one of the oldest, and most successful, web hacking techniques out there. Approximately 0.4 percent of people targeted fall victim to these attacks.
• Buffer Overflow – This technique is used by more sophisticated hackers who are able to gain access to customer data via online forms.
• Hashing Passwords/Password Hacking - The use of overly simple passwords and/or not changing the password that came with your computer, tablet, device, modem or Wifi router.
• Downloading Free Software - Downloading free software is almost never a good idea for business owners. Whether you are looking for a freeware or shareware version of Microsoft Office or accounting software, consider that by going the free route you are likely introducing malware, viruses, or “buggy” software into your system.
• Fault Injection - Also known as “fuzzing”, fault injection is one of the more complicated web hacking techniques where criminals research ways to infiltrate your source code and then try inputting different code to see if they can crash the system.
• Malicious Wifi - Fake wireless access points in a public location. No hack is easier to accomplish than a fake wireless access point (WAP).
• Cookie Theft -Browser cookies are a wonderful invention that preserves "state" when a user navigates a website. However, when a hacker steals your cookies, and by virtue of doing so, they become authenticated to your websites as if they were you and had supplied a valid log-on name and password.
• Spoofing - Spoofing is a type of scam where an intruder attempts to gain unauthorized access to a user's system or information by pretending to be the user. Similarly E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.
• Waterhole Attack - A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user's computer and gain access to the network at the target's place of employment.
• Host File Redirect - The Windows Hosts file allows you to define which domain names (websites) are linked to which IP addresses. The Windows Hosts file can be used to block websites, redirect them, create shortcuts to websites, create your own local domains, and more. Cybercriminals sometime add malicious entries into the host file cause end users problems.
• Denial of Service - a denial-of-service (DoS) or Distributed-denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
• Malware - Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
• Trojan or Trojan Horse - Trojan horse is any malicious computer program which is used to hack into a computer by misleading users of its true intent. The term is derived from the Ancient Greek story of the wooden horse that was used to help Greek troops invade the city of Troy by stealth.
• Ransomware - a type of malicious software designed to block access to a computer system until a sum of money is paid. Although Ransomware is usually aimed at individuals, it's only a matter of time before business is targeted as well"
• Spyware - software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.
• Adware - software that automatically displays or downloads advertising material (often unwanted) when a user is online.
• Scareware - malicious computer programs designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.

Now that you know what to look out for let’s look at Identity Theft and what you can do to prevent or minimize it.

Identity Theft

When most people think of identity theft, they think of getting their wallet stolen or someone using their driver’s license or credit cards. However, with the Internet becoming such an increasingly important element in our everyday lives, identify theft has moved online and into our computers, tablets and smart phones.

Hackers use spyware to infect computer systems. They travel over the Internet silently and can remotely access your computer, tablets and smart phone systems in several ways, including when you:

• Downloading malicious files or software
• Open malicious email attachments
• Click on malicious pop-ups or advertisements
• Or visit suspicious or malicious web sites
• Or connect to malicious Wifi access points

If you are able to take action quickly, the damage done by identity theft can be limited. If you believe that you have been a victim of identity theft, you should take the following steps:

• Call the authorities to report the identity theft
• Contact your bank & credit card companies to alert them of the identity theft
• Place an initial fraud alert
• Order your credit reports
• Check your financial institutions and financial card statements

Being vigilant regarding your personal information is the best way to prevent identity theft online and to minimize the potential extent of the damage. Next, we will look at the growing problem of cyber IP theft and what you or your organization can do to prevent it.

Intellectual Property Theft

Intellectual Property Theft (IP) is a leading cause of economic losses today. Whether it is other organizations trying to steal information, or hackers who are politically motivated, this threat affects not only individuals, but also organization’s revenue levels and the Nation’s economic growth and sustainability. There is evidence that shows massive transfers of wealth-generating innovations to rivals domestically and abroad, resulting in serious consequences for advanced economies for decades to come.

There are four main types of intellectual property theft:

• Patents
• Trademarks
• Trade Secrets
• Copyrights

One way to protect your IP is the use of encryption. If you or your organization believes that it has been a victim of IP theft, it is critical to receive legal advice from IP lawyers who can advise you on the next steps to retrieve your IP and any lost revenue as a result of IP theft.

Protect Yourself

For individuals, implementing the best practices below will better protect the data and information of you and your loved ones. For organizations, consistent staff training and various technological solutions can assist the process of protecting IP from nefarious organizations or individuals.

Protect Yourself Against Cyber Threats

To help protect yourself and those around you, you should be aware of online risks and the simple steps you can take against cyber threats. Read below for tips on how to stay safe in various environments.

Setting up Proper Controls

Connect securely wherever you are:

• Only connect to the Internet over trusted, secure, password-protected networks.
• Think before you click: Do not clink on links or pop-ups, open attachments, or respond to emails from strangers.

Respond only to trusted messages:

• Do not respond to online requests for personal information such as your date of birth, social security number, or your credit card numbers; most organizations like banks, universities, businesses, etc.-do not ask for your personal information over the internet.

Use passwords properly:

• Select strong passwords and change them frequently. Password protect all devices that connect to the internet and user accounts.

Stay aware:

• Routinely monitor bank and credit card accounts for unauthorized charges and unauthorized accounts that have been opened under your name.

Social Networks

Think before you post:

• Limit the amount of personal information you post publicly. Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your friend posts information about you, make sure the information is something that you are comfortable sharing with strangers.

Get smart and use privacy settings:

• Take advantage of privacy and security settings. Use site settings to limit the information you share with the general public online.

Trust your gut:

• Be wary of strangers and cautious of potentially misleading or false information.

Mobile Devices

Be aware across all devices:

• Maintain the same vigilance you would on your computer with your mobile device.

Suspect links and texts:

• Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be, as some links are designed to gather your personal information.

Be careful what you download:

• Download only trusted applications from reputable sources or marketplaces, as some apps may install harmful code onto your device.

Anti-virus on-the-go:

• Download a trust-worthy anti-virus program on your phone to perform routine checks.

At Home

Have a conversation with your family:

• Talk to your family about Internet safety. Keep your family’s computer in an open area and talk to your children about what they are doing online, including who they’re talking to and what websites they’re visiting.

Inform our children and older adults:

• Inform children and older adults of online risks. Discuss appropriate Internet behavior that is suitable for a child's age, knowledge, and maturity.
• Talk to older adults about the dangers and risks of the Internet so that they are able to recognize suspicious activity and secure their personal information.

Enjoy the new digital on-line world, but stay safe!