How to protect your data from Hackers, Phishing…

watch out for hackers

I have written several blogs on HR system security and confidentiality, and how to secure your systems against intruders. But what are some of the most common methods that hackers use to actually breach your applications? The more you know about your “enemy” the better you will be prepared to guard against their attacks.

Password Breaches

Probably the most common breach involves hackers’ access to valid user names and passwords.  Often they can discern user-name conventions such as first letter of first name plus last name, for instance “bsmith” or “mjones”. Then they start running through common passwords (usually using software to rapid-fire login attempts) until one really works.

Often, legitimate users will be careless with their password, using the same password for every application log-in, or even leaving the password written on paper in their desk. It would be nice to trust your coworkers, but unfortunately seemingly good people can do bad things.

Phishing for passwords is unfortunately a very effective method hackers use. Phishing often involves sending an email that looks real and warns you of a system breach (ironic), then providing a link that asks you to log in and change your password.  This is often a “notice” from your bank, Amazon, Ebay, Facebook or other popular site. If you take the bait, you have just donated your account to a hacker.

See how easy it is to fool you: The link below looks like a real link to Chase Bank. But clicking on this link actually takes you elsewhere.

Try it.  Trust me :).

www.chase.com

There are many more breaches involving different types of password theft, but you get the point; be diligent managing passwords. Under no circumstances send passwords over the Internet as clear text. Always use encryption. And always use strong passwords, which includes 8+ characters, symbols, upper and lower case letters, and numbers.

Malware and Trojan Horses

Yes, that ugly link you click on that effectively hijacks your computer. Let’s say you’re searching for a free download of Taylor Swift’s latest album. Jackpot! You found a site that has it? Or maybe not… The site looks professional, so it must be legit. You eagerly click the download link and the pop-up box asks you to first install the special player. At this stage you may be very lucky that nothing nefarious has happened yet to your computer.  Or it may be too late.  More about that in a minute.

Now, if you are wise, you pause before clicking and think twice about your next action. But no, you REALLY REALLY want that new album, so you click the button. Luckily the operating system informs you that you are about to download something (you can bet it’s not that media player). There are probably 2 buttons – OK and Cancel.  Here is the catch.  Both buttons may initiate the download and you are officially hosed if you click either one. But let’s say you started to get suspicious because something in your head began setting off alarms. What to do?  There is a glimmer of hope. Try any and all of these keystrokes to attempt to clear the dialog box and back you up to safety:

  • DO NOT CLICK THE CANCEL BUTTON!
  • Press the Escape Key, multiple times. If that doesn’t work then
  • Click the Red X on the upper right corner of the dialog box. If that doesn’t close the box then
  • Click Alt+Ctrl+Del, then click on “Task Manager”. Next, click on the ”Applications” tab, then click the “End Task” button to close the browser. Actually, try to close every application.  If that doesn’t work, then reboot immediately.
  • Also, if you keep getting more popups or new tabs opening new pages, reboot immediately.

If you are lucky, and weren’t hijacked in the first web page, say a prayer and run a virus/malware scan just to be certain.  About that first page – it is entirely possible that malicious code was placed on your computer as soon as you opened it.  The likelihood would primarily be based on the level of security you set for your browser. Which is why hackers try to trick you into causing your own demise if the initial malicious code can’t run.

Malware can be anything from harmless but annoying Adware (unwanted pop-up ads), to sniffers that read your keystrokes and collect login information. It is nasty to say the least.

Malicious Hardware

Malware and viruses can also be lurking in thumb drives and other hardware. Before you place a USB stick in your computer, know its origin.

In any case, please install quality virus/malware protection software, and keep it up to date.

And back up, back up, and back up.

If all fails, Format C:\

Image Source