Top 5 Everyday Cyber-Gaffes to Watch For

09/15/15

Cyberattacks against corporations and governments are making the headlines these days, but cybercriminals are also still exploiting the basic online scamming techniques.

All too often, the bad guys count on you to make common errors that lead to breaches.  How many of these are you guilty of? 

1. You are a clicker.  A click may be all it takes to be infected by a virus or redirected to a malicious website, and fraudsters are very good at creating content to lure people into clicking.  Before you click, always hover over a link to check where it leads.

2. You ignore updates.  Technology companies continuously make their products less vulnerable to cyberattacks by releasing updates.  However, if you don’t install those updates, they can’t do you any good.  Internet browsers are a great example; breaches are facilitated by the fact that only 10% of users are on the latest version.

3. You use free apps.  If you’re a fan of the latest apps, games, and gadgets, be aware that some applications (such as free search toolbars or phone apps) are infected with malware.  This allows cybercriminals to collect your data and online activity without you ever noticing it.

4. You never lock your screen.  The easiest way to steal data is to physically access someone's unlocked computer when they step away.  It doesn't take any technical skill, and unless the criminal is caught on camera, you can't trace the breach.  Make sure you’re not leaving your cyber front door open.

5. You share too much online.  What’s your mother's maiden name?  What was the name of your first pet?  These are standard security questions that allow you to retrieve your password, and odds are someone could find the answers on your Facebook profile.  To protect yourself and your company, start by restricting access to your social-media updates to friends.

Security FYI

FBI: Past Year Saw $18M in Ransomware Losses
In the past year, U.S. businesses and consumers have experienced more than $18 million in losses stemming from a single strain of ransomware called CryptoWall, according to the FBI’s Internet Crime Complaint Center.  In total, IC3 received 992 CryptoWall-related complaints from April 2014 to June 2015.  The reported losses relate not just to ransom payments but to additional costs including network mitigation, loss of productivity, legal fees, IT services, and the purchase of credit monitoring services.  Ransomware is a type of malware that locks victims' PCs and encrypts the data on them until a ransom is paid. 

Insider Attacks Rise, Though Some Businesses Unaware of Risk
A majority (62%) of security professionals say insider threats have become more frequent in the last 12 months, but only 34% expect additional budget to address the problem, according to a report from SpectorSoft.  The report finds that less than half of all organizations have appropriate controls to prevent insider attacks, with privileged users, such as managers with access to sensitive information, posing the biggest threat (59%). Less than a quarter (22%) of respondents saw no rise in insider attacks, and 45% are unsure whether they were attacked or not.

Group Urges TSA to Improve Security of Boarding Passes
A federal watchdog repeated a recommendation recently for the Transportation Security Administration to make airline boarding passes more secure, shortly after computer problems at United Airlines and the New York Stock Exchange sparked concerns about cyber terrorism.  TSA and airlines have resisted encrypting bar codes as technically difficult and expensive.  TSA is exploring a different technology to authenticate boarding passes. The report from the inspector general for the Department of Homeland Security dealt with ways to improve TSA pre-check.  Pre-check allows travelers who volunteer extra information about themselves access to speedier checkpoint lines.
The above notice is archived content and may contain information that is no longer valid. This includes URL's that were valid when originally published, but may now link to sites or pages that no longer exist.