June 06, 2014 by Eric Cates
Cybercrime is an ongoing issue and, more often than not, we fall victim to attacks without realizing when or how they happen. A recent news release by Trustwave reveals last year’s trends in the continuing struggle to contain cybercrime, data breaches and security threats.
According to the report, the data gathered in 2013 covered 691 breach investigations across 24 countries, a 54 percent increase from 2012. What we see most commonly is theft through payment cards, but the number of data thefts in 2013 involving confidential information and non-payment-card data is not far behind.
To begin winning the war on cybercrime, we must look at how these attacks evolve and how to prevent further ones. The most common method continues to be malware delivered through Java, Adobe Flash and Reader, with plenty of help from the spam mail that clutters our inboxes. One of the biggest issues is our own obliviousness to our personal information on the web. Employees and individuals often allow criminals to walk right through the door by using weak passwords that give little to no security.
Trustwave found that the password “123456” topped the list of most commonly used passwords, followed by “123456789” and “password”. Not only are these easy to guess, but individuals also reuse them across multiple accounts as their “security” protection. Let’s take a look at some helpful security awareness tips to prevent future fraud and keep you protected.
1. Always remember, information security is only as strong as its weakest link. Be sure that each member of your organization is up to date with all passwords and software security.
2. Do not provide personal information or your company’s private information in an email, and do not respond to emails that solicit it. Remember that emails are not as private as you think. Any email has the potential to be viewed by unwanted eyes.
3. Passwords should be at least 8 but preferably 12+ characters (this will depend on the maximum allowed by the account provider). A mixture of capital and lowercase letters, numbers and symbols is encouraged. A helpful technique is to create a sentence and use the first letter of each word. Example: “Password protection! Is @ Number 1 way 2 protect Information.” becomes “Pp!I@N1w2pI.”
4. Be aware of password cracker programs. Intruders use these programs to try to log into systems automatically using easily guessed passwords, dictionaries and random crackers that generate passwords.
5. Be conscious of your account and who is using it, and avoid network spoofing. Spoofing programs impersonate a sign-on routine to collect hundreds of passwords.
6. Keep the password hackers guessing. Immediately change default passwords and change them frequently.
7. Research shows 98 percent of emails received each day are spam. Be suspicious of subject lines, foreign senders, non-work-related email and unexpected email, and always delete such messages.
8. Never click on links in an email. To avoid malicious links in your email you can opt to open the link directly in the browser if needed (and after hovering over the link and verifying the actual domain). Manually type in the trusted website in a separate browser.
9. Be conscious of attachments received in an email. Only open/download an attachment from an email if you are completely sure you know the sender and are expecting the attachment.
10. Don’t be fooled by phishing scams. Attackers attempt to trick users by emailing from what looks to be a legitimate enterprise, when in reality they are only targeting your personal information.
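
Tip 3's length, character-mix and first-letter rules, checked together with the three most common passwords Trustwave reported, as an added Python example (not code from the original post or from Trustwave). The function names, the finding strings and the case-insensitive match against the common list are assumptions made for illustration.

```python
import string

# The three most common passwords named in the Trustwave findings above.
COMMON_PASSWORDS = {"123456", "123456789", "password"}
MIN_LENGTH = 8         # tip 3: at least 8 characters
PREFERRED_LENGTH = 12  # tip 3: preferably 12+
ALL_CLASSES = {"lowercase", "uppercase", "digit", "symbol"}


def mnemonic_password(sentence):
    """First character of each word, keeping punctuation that ends a word."""
    parts = []
    for word in sentence.split():
        core = word.rstrip(string.punctuation)
        if not core:                 # token is punctuation only, e.g. "@"
            parts.append(word)
        else:
            parts.append(core[0] + word[len(core):])
    return "".join(parts)


def character_classes(password):
    """Return the set of character classes that appear in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lowercase")
        elif ch.isupper():
            classes.add("uppercase")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def check_password(password):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if password.lower() in COMMON_PASSWORDS:  # assumption: ignore case
        findings.append("on the most-common list")
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 8 characters")
    elif len(password) < PREFERRED_LENGTH:
        findings.append("shorter than the preferred 12 characters")
    missing = ALL_CLASSES - character_classes(password)
    if missing:
        findings.append("missing: " + ", ".join(sorted(missing)))
    return findings
```
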