Do cybercriminals listen to online trainings about defending against their threats? Let’s hope not! Yesterday’s online training, “Defend Your Agency Against Cybercriminals’ Top Tricks,” was dedicated to beating cybercriminals at their own game.
Right now, the number of cyber attacks that occur is at its highest rate ever and is doing everything but decreasing. According to Kevin Haley, Director of Symantec Security Response, five out of six enterprises with more than 2,500 employees were targeted by cybercriminals in 2014. Everyone is at risk, and everyone is being targeted. So how do you protect yourself and your agency?
Kevin Haley broke down the top four attack methods cybercriminals use so you know what threats to look for and avoid.
- Spear Phishing: This is when an attacker sends you an email and waits for you to bite. Attackers figure out what you look at on the Internet and then send you an email about it. The email will contain a link or attachment that contains malware to breach your systems. Whatever you do, DO NOT click any of the links. Delete the email immediately.
- Watering Hole Attack: Attackers discover the websites you often visit and attack you there. The attackers hack those specific websites so the next time you access that page you are automatically directed to a different site where the hacker is patiently waiting. They can then look for vulnerabilities in your system and proceed to hack you through those loopholes. Make sure the websites you are viewing have high security standards so you know you are being protected.
- Trojanized Update: The attackers find a software vendor that you use and go to that vendor’s website to download the latest software update. They insert their Trojan inside the update and repost it onto the website. When you install the new update you also install the Trojan horse onto your computer, giving hackers access to your information. Check with your software venders to make sure they are protecting themselves and their users from these attacks.
- Ransomware: Attackers will steal your information or lock your entire computer and offer your information back to you for a price, usually about $300. These attackers often focus on tax information or documents they know you need and will be willing to pay for. Store your valuable documents or information on a second hard drive so you have a backup just in case!
According to Symantec, the No. 1 cause of data breaches for all industries and the public sectors is attackers. Use Kevin’s tips above to protect yourself. The second highest cause of data breaches is accidentally exposed data and lost or stolen computers and phones. The third leading cause is insider threat. A simple way to protect lost or stolen items is to have a lock screen on your computer and phone. Sometimes the most simple protection plans are the most effective.
Barry Condrey, CIO of Chesterfield County, Va, also laid out a few tips for how agencies can better prepare their staff to fight cybercriminals.
- First, don’t assume you have nothing worth stealing! Everyone has something hackers want so it is best to play it safe and overprotect your self.
- Don’t assume the more expensive your security system is, the better protected you are. Educate yourself about what your security system is doing for you and adjust to what your agency’s needs are.
- Actively reinforce the importance of cybersecurity to employees. Set aside time to talk about your agency’s security standards at department meetings, budget presentations, annual employee evaluations, new employee orientations and training plans. You can even make informative posters and newsletters to provide for your staff members.
- Invest money in engaging cybersecurity training programs. Make your presentation delivery effective and fitting for each employee position.
- Make sure your employees aren’t over worked and unenthusiastic about their position. Disengaged employees are more likely to open suspicious emails than employees who are actively aware of potential cybersecurity threats.
For more information about how you can protect yourself and your agency against cybercriminals view the on-demand version of this webinar here. Also, be sure to check out Symantec’s Internet Security Report here.