Hardly a day goes by at the moment when we haven’t been alerted to the latest in what’s a very long line of data breaches and new internet security threats. Yet it seems that although many of us worry about the impact of cybercrime, not many of us are really very willing to do anything about it.
This year has seen the Heartbleed bug create a certain amount of chaos, with conflicting information to be found all over the web as to whether consumers should change passwords now or later. Then of course there’s the current threat that’s looming with regard to the GOZeus and Cryptolocker malware. Yet in a recent Consumer Reports survey, it was found that 62% of people do nothing to even attempt to protect their online privacy.
58% also stated that they were “deeply worried” about online threats when spending their hard-earned cash online. This paradoxical evidence illustrates a lack of education when it comes to how to defend against malware attacks, credit card fraud and other threats.
Businesses and Consumers Failing to Protect
The only way that we’re ever going to make any headway into winning the war against cybercrime is by learning to defend ourselves. This doesn’t just apply to consumers either; a recent study by NTT Group found that whilst 45% of attacks on business are due to malware, these could be avoided if the companies applied basic security on the network.
The research found that many of the three million attacks that it detected in 2013 were caused by the business having no basic antivirus protection and no vulnerability scanning. The latter works to ensure that the network is constantly up-to-date with the latest security patches as they are released by software firms. It was found that many companies were running software with unapplied patches that in some cases were over two years old.
This is shocking, as not only does it potentially leave customer data at risk, but an attack can affect a business to such an extent that it might never recover. Despite this, it was also found that 77% of companies globally didn’t have an incident response plan in the event of a malware or hack attack.
Implementing Basic Protection
For consumers and businesses alike then, it’s vital to ensure that at a minimum antivirus protection is put in place. However, that’s often not enough on its own and it’s also necessary to show a certain amount of vigilance online and to use common sense.
Threats can be mitigated fairly easily by carrying out some housekeeping and ensuring that care is taken on certain sites. For example, with regard to software vulnerabilities, these are usually responded to quickly by vendors. Microsoft, which develops surely the most attacked software products in the world, issues monthly updates. Users don’t have to take any action to install these, as they are generally carried out automatically, but users should take care not to turn off the automatic update features in Windows or Office if they want to remain protected.
When it comes to malware, cyber crooks are repeatedly coming up with more sophisticated software, but a lot of the time machines are infected due to user intervention. Commonly, phishing emails are a big culprit, but in this age of social media and ‘always online’, there are plenty of other ways a machine can become a part of an international botnet:
- Infected sites – this is not necessarily something a site owner will be aware of as many sites are not frequently updated or maintained. Google claims that it blacklists as many as 6000 sites a day due to malware infection
- Social media – social engineering tactics are commonly used on social media and whilst many of these are concerned with like farming, some do point users to malware infected sites and survey scams
- Software vulnerabilities – we’ve already mentioned these but it bears repeating: software must be regularly updated in order to plug the gaps found by hackers which allow them to access a machine and take control. Defect tracking tools will help identify any software issues.
A layered approach to security is recommended. These days, firewalls which are a part of the operating system are used rather than commercial offerings, and antivirus packages tend to have a safe surfing option as well as email protection. However, router safety is also important and it’s vital that users change default usernames and passwords when a router is installed on the home or business network.
Further to this, users should:
- Use a password manager such as LastPass to generate and store complex passwords for every site they access online
- Check and tighten privacy settings on social media
- Update browsers and plugins as updates become available
- Avoid following links in email or opening attachments when they are from an unknown source
- Ensure antivirus software is set to update automatically so that new threats can be picked up
- Avoid installing browser toolbars and always read terms and conditions when installing software – also look out for tick boxes which are often enabled and allow further software to be installed
- When searching for free software check around for good reviews. Open source software (which is generally free) can be found via Sourceforge, for example
- When visiting government sites for popular searches such as passports, check the URL is a genuine government one – this also applies to popular software, as there are lots of sites out there that trick users by mimicking popular products but supply malware
- Don’t panic if you become infected, even if your PC is ‘locked’ – don’t part with any cash to unlock it remotely, but take it to a local PC repair outlet
- Scan removable media such as USB sticks before copying information over
- Avoid open Wi-Fi connections that anyone can access
For businesses, it’s also advisable to develop strong policies surrounding security from the off and to ensure that staff are fully aware of the potential damage that a malware attack can cause. Businesses should consider outsourcing to a security specialist that can provide adequate protection as a service if they don’t have a fully-fledged IT manager. Firms can also utilize hardware firewalls, network, file and server monitoring and software solutions designed to give enterprise-grade protection. Businesses should also set permissions on the network depending on whether a certain level of access is required to carry out a job. Reducing the number of staff with administrative access will reduce the success of phishing attempts.
Level of Cybercrime today
Last year a report from McAfee found that around $100bn is lost in revenue by US companies thanks to cybercrime. This means that there’s the potential for 508,000 jobs to be lost each year. The figure above is thought to be a low estimate and it’s thought that in general, the figure lies somewhere between $100bn and $500bn.
When it comes to phishing, whilst ISPs tend to block a reasonable volume of spam email, 16 million get through globally each year. Of these, 8 million will be opened and 10% of people will fall for it and follow a link to provide personal details. That’s 80,000 people, and these figures are not exact, so it’s clear that it remains a huge problem in the US.
The problem of cybercrime is one that is not getting any better and nor will it unless users wise up and begin to take more action. It’s not a difficult task and in most cases, a quick Google will tell you if an email is a phishing mail, or if a social media page is bogus. It’s just a case of implementing the right protection and then being ever vigilant.
About the Author:
Kerry Butters is a technology writer and published author from the UK. She writes widely across all tech subjects from corporate tech, to social media, web design and gadgets. Kerry writes on behalf of Kansas based monitoring software vendor Power Admin LLC.