Michael Colin, head of sales at BitCo Telecoms, has compiled this basic cybersecurity guide for businesses.
What you and your employees need to know about IT security:
To best protect your business against malicious attacks and security breaches, you have to understand what you’re up against.
“Know the enemy and know yourself; in a hundred battles you will never be in peril” -The Art of War.
Use this guide to train your employees too! Cybercriminal tactics include exploiting unsuspecting personnel to gain access to your information, as you will soon see.
Common cyber threats to business IT security
Your business is online all the time, making it particularly vulnerable to cyber-attacks that can expose confidential company and customer information.
Malware
Short for malicious software, malware is a “software program designed to damage or do other unwanted actions on a computer system”. In short, they have malicious intent.
Viruses
A computer virus is a type of malicious software that can alter the way a computer operates, modifying programmes, slowing performance and corrupting data.
It acts much the same way as a human virus. It needs to attach itself to a host (typically an executable file) to travel (file sharing, downloads, email attachments) and spreads infection from computer to computer. However, the virus can exist on a computer without infecting it unless its code is executed (open the file or run the programme).
Ransomware
One of the most dangerous types of security threat. As the name suggests, this malware is used to extort money. Encryption locks data (or your system) and the attacker demands a ransom, claiming to give you the decryption key in exchange -or threatens to publish your data if you don’t.
There is no guarantee you’ll recover access or your data or that your information has not been sold or published. That’s why you shouldn’t pay the ransom and seek professional assistance to resolve the situation.
Trojans
A Trojan is malware that is deliberately concealed to trick you and gain access to your computer (hence the name). The malware is either embedded in legitimate software or poses as such. Once it infiltrates, it can either spy (steal information) or create backdoors (for hackers or more malware).
Worms
Worms act like viruses replicating themselves, but, on a system -targeting networks of devices. Worms have the ability to travel on their own. So, unlike a virus that spreads because a human physically sends an infected attachment, worms can send themselves.
Bots
Bot is short for “Internet robot”. These are programmes that run over the Internet executing specific commands automatically or on schedule. There are good bots, like the ones that crawl and catalogue the web to bring you faster results or updates.
Then, there are bad (malicious bots) which install themselves on computers and carry out the evil will of their designer.
Some capture email addresses and send spam, gather passwords or financial information, or launch Distributed Denial of Service (DDoS) attacks. Others take control of your computer – turning it into a Zombie computer connected to a network of other compromised devices (botnets).
Spam
Besides unsolicited junk mail being really annoying, spam poses a real threat to business. Spambots can also post comments on blogs, in chat forums, and instant messaging apps that contain dangerous links. Email spam is, however, the favoured method for delivering malware and phishing.
Social engineering: phishing
Phishing is a form of social engineering, where an attacker circumvents Firewall protection by tricking you or your employees into giving them access to your network.
It’s also referred to as a phishing scam because it’s the technological equivalent of a con. A fraudster pretends to be a trusted entity in an email prompting you to take some sort of action, like clicking a link. Think “Your account has been compromised, please log in to update your details”. You are directed to a fake website -that looks exactly like the real deal- and, none the wiser, you serve your sensitive data to a crook on a platter.
They use the exact information you gave them to log into your real accounts masquerading as you. Able to transact on your online banking or continuing their phishing using your address book to trick you contacts into giving up their information too.