While online threats are constantly evolving, many cyber criminals use variations of the same methods with cyber attacks. Specifics of these attacks may differ, but the nature of the attacks stay the same. Cyber criminals take advantage of a user’s lack of technical expertise and inherent trusting natures. By understanding these common threats and risks, we can all take steps to protect ourselves online.
October is National Cyber Security Awareness Month (NCSAM) and the LECC is joining with the Department of Homeland Security and its partners across the country to highlight the importance of cybersecurity and online safety.
The Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) shares information on the common threats and tips to avoid them. Below are two of the most common types of cyber threats:
Malware is a general term to describe malicious code or software, and includes viruses, worms, trojan horses, ransomware, and spyware to name a few. Malware can disrupt your computer’s operations and destroy files or run quietly in the background, tracking what you type or what sites you visit, and sending this information from your computer to cyber criminals. In the case of ransomware, the malicious code locks your computer or encrypts certain files on your computer and threatens to delete files or keep your computer locked until you pay a monetary fine. Even after paying this “ransom,” it is not guaranteed that your files will be freed from its captors.
What you can do to protect yourself
Think before you click. Malware can spread to your computer through malicious links and attachments. Only click links or open attachments from legitimate, reputable sources. When in doubt, delete or ignore the message.
Keep your anti-virus software updated. New viruses are continually being written and deployed. Updating your anti-virus software helps you fight against the latest malware.
Back up your files. If you are a victim of malware, such as a virus or ransomware, you may risk losing files and data on your computer. Regularly back up your computer to the cloud or an external hard drive to protect your work, your photos, and your documents.
Phishing: Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques, or tricking them into thinking that the activity is legitimate or necessary. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or from someone the person actually knows. These emails often entice users to click on a link that takes the user to a fraudulent (or “spoofed”) website that appears to be legitimate. The user may be asked to provide personal information, such as account usernames and passwords. Additionally, these fraudulent websites may contain malicious code. Attackers sometimes take advantage of major events – such as a natural disaster, sporting event, etc. – and pretend to be legitimate charities or retailers to entice users.
Be wary of unsolicited emails asking for personal information. Do not provide personal information or internal company information unless you have verified that the sender is legitimate. Keep your anti-virus software updated.
Report suspicious emails. Either forward the email to your company’s IT department, or report it to US-CERT by emailing phishing-report@us-cert.gov. For more information on cyber threats and risks, and how to protect yourself, visit www.us-cert.gov/ncas/tips.
October is National Cyber Security Awareness Month. As a partner in the Department of Homeland Security’s Cybersecurity Awareness Campaign, the LECC is committed to promoting the online safety message. Cybersecurity is a shared responsibility. Learn more about day-to-day best practices and what you can do to be more cyber secure at www.dhs.gov/stopthinkconnect.
To receive cyber security tips year round, visit www.dhs.gov/stopthinkconnect and become a Friend of the Stop.Think.Connect. Campaign.