Cyber Security Insights
Understanding Malware
Malware—short for ‘malicious software’—refers to any software intentionally designed to cause damage to a computer, server, client, or network. Here’s a breakdown of common types:
- Virus: Infects other programs and files, spreads rapidly, corrupting files and disrupting operations. Example: The ILOVEYOU virus.
- Spyware: Covertly obtains information about a user’s activities to steal sensitive data. Example: Keyloggers that capture passwords.
- Ransomware: Encrypts or locks valuable digital files and demands a ransom for their release. Example: The WannaCry attack that affected thousands of systems globally.
- Adware: Automatically delivers or displays unwanted advertisements. Example: Adware that modifies browser settings.
- Trojans: Disguise themselves as legitimate software but perform malicious activities once activated. Example: Remote Access Trojans (RATs).
Password Security Best Practices
Strong passwords are vital for protecting against unauthorized access. Here are some best practices:
- Complexity: Use a mix of upper and lower case letters, numbers, and symbols. Example: g3T!tDoNe$92
- Length: Longer passwords are more secure. Aim for at least 16 characters. Example: F!ndMyBr!ghtSiDe2023$
- Unpredictability: Avoid common phrases and predictable substitutions. Use random words combined with characters and numbers. Example: Table$Shoe%Fish&Jelly22!
- Uniqueness: Use a different password for each of your accounts. Example: Using “Sun$4ineD@ys” for social media and “Mo0n!Ligh7” for banking.
- Password Managers: Consider using a password manager to generate and store different complex passwords for all of your accounts securely.
Recommended Password Managers
What is Multi-Factor Authentication (MFA)?
MFA significantly enhances security by requiring two or more verification factors, making unauthorized access considerably harder. These factors are typically categorized into:
- Knowledge factors: Something the user knows (e.g., password, PIN).
- Possession factors: Something the user has (e.g., a hardware token or mobile app).
- Inherence factors: Something the user is (e.g., biometric traits like fingerprints).
This approach helps protect against various security threats, including phishing and brute-force attacks, by requiring multiple proofs of identity.
Recommended Authentication Apps
For enhanced security, using authentication apps to receive MFA codes is safer than SMS. Below are popular options, which generate time-based, one-time passcodes (TOTP) that are hard to intercept:
Common Computer Scams
Understanding common scams can significantly reduce the risk of data theft. Here are some prevalent methods used by cybercriminals:
- Phishing: Scammers use fake emails or websites to mimic legitimate organizations, tricking users into providing sensitive information.
  - Example: An email disguised as a security alert from your bank asking to confirm your account details.
- Spear Phishing: More targeted than general phishing, it focuses on specific individuals or organizations to steal data or distribute malware.
  - Example: Emails sent to company executives claiming to be from a known partner or supplier with urgent requests for wire transfers.
- Whaling: A sophisticated form of phishing aimed at high-profile targets like C-level executives, using highly personalized bait.
  - Example: Fake legal subpoenas sent via email to senior executives, tailored to appear extremely legitimate.
- Scareware: Victims are bombarded with false alarms and fake threats to persuade them to buy useless “security” software.
  - Example: Pop-ups that appear while browsing, warning that your PC is infected and urging you to download software to fix the problem.
- Fake Calls: Impersonators claim to be from well-known companies to gain personal or financial information.
  - Example: Calls from someone pretending to be a tech support specialist directing you to grant them access to your computer to fix a non-existent problem.