Let’s examine the most common type of cyber-attacks that your business could face and ways to avoid them.
- Malware is an all-encompassing term for a variety of cyber threats including Trojans, viruses and worms. Malware is simply defined as code with malicious intent that typically steals data or destroys something on the computer.
How does it work? Malware is most often introduced to a system through email attachments, software downloads or operating system vulnerabilities.
How can I prevent it? The best way to prevent malware is to avoid clicking on links or downloading attachments from unknown senders.
It’s also important to make sure your computer’s operating system (e.g. Windows, Mac OS X, and Linux) uses the most up-to-date security updates. Software programmers update programs frequently to address any holes or weak points. It’s important to install these updates as well to decrease your own system’s weaknesses.
- Phishing attacks are sent via email and asks the users to click on a link and enter their personal data. Phishing emails have gotten much more sophisticated in recent years, making it difficult for some people to determine a legitimate request for information from a false one. Phishing emails often fall into the same category as spam, but are more harmful.
How does it work? Phishing emails include a link that directs the user to a dummy site that looks like a legitimate website (for example, a banking website), where they instruct you to login, capturing your username and password. In some cases, all you have to do is click on the link in the email and the cyber-criminal gains access to your system.
How can I prevent it? Always verify the source before you click on the email or any links in the email. Educate your employees and conduct training sessions with simulated phishing campaigns. Deploy a SPAM filter that detects viruses, blank senders, etc. Also, keep all systems updated with the latest security patches and install an antivirus solution. There are also helpful tools like PhishPro that are available in marketplace that can help you manage your exposure to phishing and protect your organization against phishing attacks.
- Password Attack is exactly what it sounds like, a third party trying to gain access to your systems by cracking a user’s password.
How does it work? This type of attack does not usually require any type of malicious code or software to run on the user system. There is a software the attackers use, that runs on their own system that makes attempts to crack your password. Programs use many methods to access accounts, including brute force attacks made to guess passwords, as well as comparing various word combinations against a dictionary file.
How can I prevent it? Strong passwords are really the only way to safeguard against password attacks. This means using a combination of upper and lower case letters, symbols and numbers and having at least eight characters or more. It’s also good practice to change your passwords at regular intervals. If a hacker is able to obtain an older password, then it won’t work because it’s been replaced!
- Denial-of-Service (DoS) Attack focuses on disrupting the service to a network. Attackers send high volumes of data or traffic through the network (i.e. making lots of connection requests), until the network becomes overloaded and can no longer function.
How does it work? There are a few different ways attackers can achieve DoS attacks, but the most common is the distributed-denial-of-service (DDoS) attack. This involves the attacker using multiple computers to send the traffic or data that will overload the system. In many instances, a person may not even realize that his or her computer has been hijacked and is contributing to the DDoS attack.
How can I prevent it? The best way to prevent an additional breach is to keep your system as secure as possible with regular software updates, online security monitoring and monitoring your data flow to identify any unusual or threatening spikes in traffic before they become a problem.
- Drive-By Download attacks occur when vulnerable computers get infected by just visiting a website. It doesn’t require any type of action by the user to download.
How does it work? Typically, a small snippet of code is downloaded to the user’s system while browsing on website, then that code reaches out to another attacker’s computer to get the rest of the codes and download the malicious program. It often exploits vulnerabilities in the user’s operating system or in different programs, such as Java and Adobe.
How can I prevent it? The best way is to be sure all your operating systems and software programs are up to date. This lowers your risk of vulnerability. Additionally, try to minimize the number of browser add-ons you use as these can be easily compromised. For example, if you don’t need Flash or the Java plug-in on your computer, consider uninstalling them.