Skip to main content

How to protect your company data from Hackers


In today's on-line world, technology users are essentially in a state of near-constant attack

Almost every day there's a new data breach in the news involving a well-known company and quite often fresh rules for protecting personal information are circulated. Because of unwanted installer in email, phishing messages and malicious websites with URLs that are one letter different from popular sites, employees need to maintain a high level of awareness and diligence to protect themselves and their organizations.


Phishing activities are especially pervasive, including attempts to steal user's credentials or get them to install malicious software on their system. The astonishing success rate of phishing attacks makes them a favorite. Most companies regularly conducts phishing exercises for their clients as part of their testing and training programs and have seen results where better than 70 percent of people will follow the link to a phony website and, of those that followed the link, 30 percent to 50 percent will routinely give up their user names and passwords.


Many like to think about the network perimeter with all its firewalls and other fancy technologies as the front line in the Cyber-war, but the truth is there's a whole other front. Every single member of a company's staff who uses email or the Internet is also on the front line, and these people are generally considered a softer target than hardware or software. It's simple: If the bad guys can get an employee to give up his or her user credentials or download some malware, they can likely waltz right past the technological controls looking for all intents and purposes as if they belong there.


For starters, employees should not use their work computer for personal business and vice versa. Most home systems and networks simply don't have the protections in place that a well-managed corporate environment generally has. There's been a lot of hubbub over the last few months about the cost for businesses to upgrade from Windows XP since Microsoft will no longer be providing security patches for it. Yet some people are still happily running Windows 2000 at home and Microsoft hasn't had updates available for 2000 in more than four years.


Some people let their personal antivirus software expire and take a month (or a year) to get around to renewing it -- if they ever do. Many people will operate their home computers with weak or even no passwords and with their only protection from Internet threats being the rudimentary security capabilities of their DSL router or cable modem, which they will gladly disable to make it easier for their Xbox, PlayStation or Wii game console to connect with strangers from all over the world.


In addition, when using a computer for personal functions, a user generally has to have the ability to install software and modify the system configurations. Typically, such administrative functions are not available to all users in a corporate environment. As a result, even if an organization has made an effort to improve a system's security, a user doing work on a personal computer has the ability to disable and circumvent protections and has the privileges to allow for the installation of malware.


As companies migrate toward a world of bring-your-own-device policies, some companies are developing strategies to help address these risks. But as a rule using a work computer for personal reasons or doing work on a personal computer (or tablet or smart-phone) can significantly change the threat level that an employer has to protect itself against.


To help their organization protect systems and data, employees need to implement some smart web browsing habits. Smart web browsing means engaging in the following activities:

1. Keep the browser updated.

Next to a computer's operating system, the most critical software to keep up-to-date is the web browser and any plug-ins it uses (like Adobe Flash or Java). These types of integrated applications allow code from Internet websites to run locally on your computer and, as a result, are among the most commonly exploited by malicious code. 


2. Learn about the browser to disable unused plug-ins.

For the same reason, if doing a lot of random surfing is done, consider keeping plug-ins and scripting disabled except when on a known, trusted site. This can help prevent "drive-by" malware that runs through JavaScript or through plug-ins like flash and infects  infects a computer after a visit to a site. 


3. Beware of downloads.

Malware can be hidden, not just in applications or installation programs, but in what appear to be image and video files also. To limit the likelihood of downloading content that contains malware, only download from reputable sites. With sites that are not a household name, take the time to do a little research and see if other people have had issues.


Additionally, be sure that anti-virus software is set up to automatically scan downloads. Or scan downloads manually, even when receiving them from name-brand sites, as it is not unheard of for infected files to make their way onto otherwise legitimate web sites. This is especially true for file-sharing sites where the site owner cannot control every piece of content a user may place there.  


4. Be wary of unscrupulous sites.

Those running sites already breaking the law by illegally distributing copyrighted materials -- like pirated music, movies or software -- probably have no qualms about including malicious content in their downloads or stealing information.


5. Heed alerts.

Many popular web browsers today have built-in functionality that provides an alert when visiting a website that is known to be dangerous. And if the browser doesn't give a notice, the anti-virus software may provide that function. Heed the alerts!


Part of the fun of searching the Internet has always been discovering what's out there. But just like when visiting a new city, avoid some places after dark. And never wander into others at any time. Be alert.


Employees need to protect their devices from on-line and in-person threats. Start by keeping the company's system patched. Configure it to automatically apply updates or at the very least issue notifications when there are updates and then apply them as soon as possible. This doesn't just apply to the operating system. Keep all installed applications updated. Sometimes this takes a little extra work, especially if a lot of niche software is used.


Remember, the challenge of security is that the bad guy needs to find only one hole in a security system to get past it, so fix them all. Think of it as putting dead bolts on doors but leaving the basement window open.


To that end, security professionals like to debate the usefulness of today's anti-virus software. And it's true that malware continues to become more sophisticated and harder to detect. But it always amazes me how old some of the malware running around is. As a result, use anti-virus software -- and keep it up-to-date.


Also, use a host-based firewall, either the Windows firewall or one provided in an anti virus package.  This is especially true for laptops connected to public wireless access points -- like at hotels or coffee shops -- and also on a home system. It just provides that extra layer of defence.


And finally, please, don't ever give passwords to anyone. Be vigilant and question anything new, especially emails and forms in the web browser that request work credentials, no matter how nicely the request is made.

Comments

Popular posts from this blog

Tappay payment gateway integration woocommerce

TapPay  offers fast  payment  flow integration, allowing your customers to  pay  with a click of a button instead of redirecting to other websites, in this article you will see how you can integrate  Tappay payment gateway with woocommerce . how you get  Tappay payment gateway woocommerce module and integrate it. When it comes to data security,  TapPay is also very safe and reliable . TapPay provides friendly and flexible payment service, which allows citiesocial users to enjoy wonderful shopping experience.It has a significant impact on improving e-commerce conversion rate and lower operation cost. Tappay payment gateway integration woocommerce Tappay payment gateway integration woocommerce Integrated Payments Exclusive Cross-site modules for seamless checkout experiences Tokenized card management, Card-Free experience and self-updating card expiration dates TapPay is compatible with multiple payment method and E-wallet, including Apple Pay / Goo...

Parasut Accounting & Invoicing integration with woocommerce

Parasut Accounting & Invoicing integration with woocommerce  Parasut is a cloud-based finance management application for Small Business Owners in Turkey. Please use Paraşüt mobile application alongside the web application to benefit from all features.  Paraşüt Accounting & Invoicing integration with woocommerce is useful for automation and fast process stop manual creating invoice will save time and efforts. Why e-Invoice with Parasut ? Manage your application processes with our e-invoice transition consultant.  Switch to e-invoice within 30 minutes* without leaving your seat. Parasut Accounting & Invoicing integration with woocommerce Use it at Affordable Prices Get rid of fees such as integration and training fees.  Send e-invoices with affordable e-top-up prices. Integrated Pre-Accounting When using e-document services with Paraşüt, manage your financial data from anywhere thanks to the features that will allow you to manage your preliminary accounting...

BARCLAYCARD EPDQ payment gateway integration woocommerce

  WordPress WooCommerce Barclaycard ePDQ Payment Plugin supports the Hidden Authorisation. The Hidden Authorisation gives you the advantage that customers no longer have to leave your shop in order to enter their credit card data. The processing occurs unnoticed in the background between WordPress WooCommerce and Barclaycard ePDQ. No credit card data is saved. Requires PCI DSS SAQ A-EP Certification. In addition to Hidden Authorization, other authorization methods that are fully PCI DSS compliant (Payment Page, Widget, Iframe, etc.) are also supported. A detailed list of supported features can be found below. BARCLAYCARD EPDQ payment gateway integration woocommerce BARCLAYCARD EPDQ payment gateway integration woocommerce main points Compatibility with Barclaycard ePDQ (essential, extra, or extra plus) The ability to process refunds directly in your WooCommerce admin panel Secure 3D Secure v2 authentication PSD2 & SCA compliance A setup wizard to guide you through the integratio...