Technology has spawned a dizzying array of new security risks with complicated names such as phishing, social engineering and pretexting. Knowing about these risks is already half the battle in avoiding them.
Here is Abdulmughnee’s list of the most common technology security risks you need to avoid.
Phishing is the use of fraudulent emails or phone calls to get sensitive information, such as bank account numbers, credit card information or passwords. Here is how it works:
Phishing is a type of social engineering, which is an attack that uses misrepresentation to get sensitive information.
Pretexting involves the creation of a fake identity or scenario to fool a person into disclosing information.
For example, a fraudster may email or call your company claiming to be a supplier, survey firm, municipal inspector or insurance company to get sensitive data. A pretext attacker could also pose as a computer technician responding to a call for service to access your network.
“They may ask for little bits of information that don’t raise red flags,” Abdulmughnee says. “But over time, bit by bit, they’re trying to build a profile that could let them steal your identity.”
Malicious software (or “malware”) is any software that has a harmful intent. It may steal or corrupt your business information, cause systems to fail or secretly record your computer activity. Malware typically infects a computer following a phishing attack or an employee accidentally downloading infected files.
Ransomware is software that blocks access to computers or files until a ransom is paid. In May 2017, a massive ransomware attack affected more than 100,000 organizations in at least 150 countries, costing billions of dollars.
A computer virus is another example of malware. This is a program designed to replicate through the Internet, damaging programs, deleting files or tying up system resources.
Malware can infect computers through a “pop-up” that appears while you’re browsing the Internet. A pop-up is a window that opens up when you visit a website.
Most pop-ups are legitimate, but in some cases clicking on them can initiate a download of ransomware or a virus.
Pop-ups, for example, may claim your computer is infected with a virus. They say you need to download software to clean your system. That software will, in fact, be malware or a virus.
A twist on this ruse: A pop-up claiming to be from your Internet service provider says your computer has a virus and invites you to call a service number to deal with the problem. You may then be asked to provide identifying information or your credit card number.
While many cloud service providers have good Internet security, not all of them do. You can be at risk if the provider has poor security, leaving your data vulnerable to an attack.
Depending on your agreement with the provider, their liability may be limited to your monthly fee and may not cover business interruption losses. If the provider suffers an attack, you may also be liable for compromises of customer data.
Businesses face similar risks if they contract outside technicians to service their IT needs. You could be vulnerable if IT personnel have poor training or don’t follow best practices.
A poorly secured wifi system can leave your business vulnerable to a hacker within range of your network. A hacker could gain sensitive information, damage your systems or install ransomware.
If you access your business network remotely through an unsecured server, others could see your traffic and access your system. In a public area, you can be at risk if you go online through a “spoofed” Internet server—one set up to appear to be a legitimate wifi connection. Accessing the Internet via such a machine gives an attacker access to your system and possibly your business network.
Also be alert when working outside the office. Information can be compromised if you’re working on a train or plane or in a café and someone else can read what’s on your screen.
Badly chosen employee passwords can increase your company’s exposure to security risks. Many problems occur when employees choose passwords that are easily guessed by unauthorized people.
Disposing of old devices improperly can hand someone else all your business information. If the information is very sensitive, deleting data or formatting the hard drive isn’t enough. You may want to go as far as physically destroying the computer or hiring an expert to do so.