SECURITY

Computer security, cybersecurity, or information technology security (IT security) is the protection of computer systems and networks from information disclosure, theft of or damage to your hardware, software, or electronic data, as well as from the disruption or misdirection of the services you provide.

Common Cyber Security Threats
  1. Malware

    Malware is malicious software such as spyware, ransomware, viruses, trojans and worms. Malware is activated when you click on a malicious link or attachment, which leads to installing dangerous software. Once activated, it can:

    • Block access to key network components
    • Install additional harmful software
    • Covertly obtain information by transmitting data from the hard drive
    • Disrupt individual parts, making the system inoperable

    Tips for malware prevention:

    • Install anti-virus and anti-spyware software, and automate the updates and scans to run at least weekly (ideally at the end of the day)
    • Use secure authentication methods
    • Use administrator accounts only when absolutely necessary
    • Keep software updated
    • Control access to systems
    • Adhere to the least-privilege model
    • Limit application privileges
    • Implement email security and spam protection
    • Monitor for suspicious activity
    • Educate your users

  2. Denial of Service (DoS)

    This is a type of cyber attack that floods a computer or network so it can't respond to requests.

    The most effective way to protect against the impact of DoS attacks is partnering with your hosting provider to block the attack at the gateway before it reaches your company's network.

  3. Man in the Middle

    It occurs when hackers insert themselves into a two-party transaction. After interrupting the traffic, the attacker can filter and steal data. These attacks often occur when a visitor uses an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and the network, and then use malware to install software and use data maliciously.

    Tips to prevent Man in the Middle attacks:

    • Only connect to secured Wi-Fi routers or use your wireless carrier's encrypted connection. Connect to routers that use WPA2 security.
    • Add a VPN to encrypt traffic between end-points and the VPN server.
    • Use end-to-end encryption for your emails, chat, and video communication (Zoom, Teams, etc.)
    • Keep the system patched and antivirus software updated
    • Use a password manager to protect your passwords and prevent reuse of passwords
    • Only connect over HTTPS; use a browser plugin to enforce this rule
    • Use multi-factor authentication wherever available.
    • Follow the zero-trust principles to build internal barriers around access to data, which prevent infiltrators from moving freely throughout the network if they were to get inside.
    • Monitor activity on the network to detect evidence of a compromise or MitM techniques in use.

  4. Phishing

    Phishing attacks use fake communication, such as an email, to trick the receiver into opening it and carrying out the instructions inside, such as providing a credit card number or login id and password.

    Tips to prevent phishing attacks:

    • Always be suspicious of password reset emails

      If you receive an unsolicited password reset email, always visit the official website directly (never click on embedded links) and change your password to something different on the official site.

    • Always note the language in the email

      If an email is urging you to take rapid or unusual actions, slow down and verify that it is legitimate before trusting it.

    • Never share your credentials

      Cybercriminals use a lot of different pretexts and scams to attempt to steal your credentials. Never tell anyone your password, and if an email points to a login page, visit the official site directly and authenticate from the official site to protect against lookalike phishing sites.

  5. SQL Injection

    A Structured Query Language (SQL) injection is a type of cyber attack that results from inserting malicious code into a server that uses SQL. When infected, the server releases information.

    To prevent this attack, never use input captured from a field directly in an SQL query.

  6. Password Attacks

    Password attackers use countless methods to identify an individual password, including social engineering, gaining access to a password database, testing the network connection to obtain unencrypted passwords, or simply guessing.

    A common password attack is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until it discovers the correct one. Brute-force attacks put user accounts at risk and flood your site with unnecessary traffic.

    The most obvious way to block brute-force attacks is to simply lock out accounts after a defined number of incorrect password attempts. But account lockout is not always the best solution, because someone could easily abuse the security measure and lock out a large number of your user accounts. An attacker can disable an account by continuously locking it out, even seconds after an administrator unlocks it.

    Another method is to allow login only from certain IP addresses.
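
    The two methods above combined, as an added example (not part of the original page): the IP allowlist is checked before the failure counter, so attempts from other addresses cannot be used to lock an account. The threshold, the window length, the network range and the LoginGuard class are assumptions made for illustration.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Assumed policy values; the page does not specify any.
MAX_FAILURES = 5          # failed attempts tolerated inside the window
WINDOW_SECONDS = 15 * 60  # sliding window, which is also the lockout length
# Constructed allowlist using a documentation address range (RFC 5737).
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


class LoginGuard:
    """Account lockout that ignores sources outside an IP allowlist."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = defaultdict(deque)  # account -> failure timestamps

    def _source_allowed(self, source_ip):
        addr = ipaddress.ip_address(source_ip)
        return any(addr in net for net in ALLOWED_NETWORKS)

    def _recent_failures(self, account):
        # Drop failures that have aged out of the sliding window.
        queue = self._failures[account]
        cutoff = self._clock() - WINDOW_SECONDS
        while queue and queue[0] <= cutoff:
            queue.popleft()
        return len(queue)

    def attempt(self, account, source_ip, password_ok):
        """Return 'denied-ip', 'locked', 'failed' or 'ok'."""
        # Allowlist first: rejected sources never touch the counter,
        # so they cannot be used to lock someone else's account.
        if not self._source_allowed(source_ip):
            return "denied-ip"
        if self._recent_failures(account) >= MAX_FAILURES:
            return "locked"
        if password_ok:
            self._failures[account].clear()
            return "ok"
        self._failures[account].append(self._clock())
        return "failed"
```

    The lockout expires on its own once the failures age out of the window, so an administrator does not have to unlock the account by hand.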