The top Cybersecurity problem (or risk) is phishing emails and ransomware downloaded to your computer or your website.
When a phishing email somehow gets you to click a link that then downloads an infected “payload” into your computer you can only hope that the anti-virus you have (and/or firewall) will protect you from the payload. So that a dangerous payload may not be able to take advantage of your inaction. The bad software is either in an attachment (in email) or on a website that you download (from a link).
Obviously if you can learn to recognize phishing scams that would be a good thing. but there are other things to do even if you click on a bad link or attachment.
4 things to help prevent getting hacked:
- Phishing email spotting (this is the trickiest one)
- Update your computer and software (easiest to setup and manage)
- Use multi-factor authentication wherever you can
- Backup your computer regularly
if you are up-to-date with your patching with as much software as possible, many attacks will fail. There are some ‘zero-day’ attacks that would still be successful against you, but those are expensive for hackers ‘usually’, so the risk is low for a ‘silver bullet attack’.
Osterman Research created a white paper for Trend Micro: “New Methods for Solving Phishing, Business Email Compromise, Account Takeovers and Other Security Threats”.
First the paper explains how ineffective a number of people have been in managing phishing attacks.
The central theme in the paper are phishing attempts that reach end users and employees who fail to recognize phishing and social engineering attacks.
One of the paper’s recommendations is to move your security operation to the cloud. The plan is that the cloud provider is more advanced than you and will reduce your risk.
What is clear though is that even on the cloud certain scams are always going to take advantage of any system. For example if someone calls you and you give them your credentials after some story that seems believable then any new technology that you paid for is useless. because now the bad guys can log in with your username and password.
You can set up MFA (Multi-factor Authentication) which means the hacker has to defeat another level of authentication (connected to your cellphone or a physical secure id mechanism).
I do not want to get into the technical details of MFA, since that is beyond the scope of this article. But MFA would cut down attacks by a large percentage.
So education and MFA with a better anti-phishing email solution would reduce successful attacks and a proper patching environment may cover the rest.
Contact me to discuss this.