In today’s online world, technology users are essentially in a state of near-constant attack. Almost every day, there’s a new data breach in the news involving a well-known company and, quite often, fresh rules for protecting personal information are circulated.
Because of malware in email, phishing messages, and malicious websites with URLs that are one letter different from popular sites, employees need to maintain a high level of awareness and diligence to protect themselves and their organizations.
Phishing activities are especially pervasive, including attempts to steal users’ credentials or get them to install malicious software on their system. The astonishing success rate of phishing attacks makes them a favorite of attackers.
Why? More than 70% of people will follow the link to a phony website and, of those who followed the link, 30%-50% will routinely give up their usernames and passwords.
Many like to think of the network perimeter with all its firewalls and other fancy technologies as the front line in the cyber war, but the truth is there’s a whole other front.
Every single member of a company’s staff who uses email or the Internet is also on the front line and these people are generally considered a softer target than hardware or software. It’s simple: if the bad guys can get an employee to give up his or her user credentials or download some malware, they can likely waltz right past the technological controls, basically appearing as if they belong there.
When using a computer for personal functions, a user generally has to have the ability to install software and modify the system configurations. Typically, such administrative functions are not available to all users in a corporate environment.
As a result, even if an organization has made an effort to improve a system’s security, a user doing work on a personal computer has the ability to disable and circumvent protections and has the privileges to allow for the installation of malware.
As companies migrate toward a world of bring-your-own-device policies, some companies are developing strategies to help address these risks. But, as a rule, using a work computer for personal reasons or doing work on a personal computer (or tablet or smartphone) can significantly increase the threat level that an employer has to protect itself against.
To help their organization protect systems and data, employees need to implement some smart web browsing habits. Smart web browsing means engaging in the following activities:
Beware of downloads
Malware can be hidden, not just in applications or installation programs, but in what appear to be image and video files also. To limit the likelihood of downloading content that contains malware, only download from reputable sites. With sites that are not a household name, take the time to do a little research and see if other people have had issues.
Additionally, be sure that antivirus software is set up to automatically scan downloads, or scan downloads manually, even when receiving them from name-brand sites, as it is not unheard of for infected files to make their way onto otherwise legitimate websites.
This is especially true for file-sharing sites where the site owner cannot control every piece of content a user may place there.
Be wary of deceitful sites
Those running sites already breaking the law by illegally distributing copyrighted materials — like pirated music, movies or software — probably have no qualms about including malicious content in their downloads or stealing information.
Many popular web browsers today have built-in functionality that provides an alert when visiting a website that is known to be dangerous.
And if the browser doesn’t give a notice, the antivirus software may provide that function. Heed the alerts!
Employees need to protect their devices from online and in-person threats. Start by keeping the company’s system patched. Configure it to automatically apply updates or issue notifications when there are updates and then apply them as soon as possible. This doesn’t just apply to the operating system.
Keep all installed applications updated; sometimes this takes a little extra work.
Remember, the challenge of security is that the bad guy needs to find only one hole in a security system to get past it, so fix them all. Leaving one hole open is like putting dead bolts on doors, but leaving the basement window wide open.
To that end, security professionals like to debate the usefulness of today’s antivirus software. And it’s true that malware continues to become more sophisticated and harder to detect. But it always amazes me how old some of the malware running around is. As a result, use antivirus software and keep it up-to-date.
Also, use a software firewall, either the Windows firewall or one provided in an antivirus package. This is especially true for laptops connected to public wireless access points at hotels or coffee shops, but it also applies to home systems. It just provides that extra layer of defense.
And finally, please, don’t ever give passwords to anyone. Be vigilant and question anything new, especially emails and forms in the web browser that request work credentials, no matter how nicely the request is made.