by Victoria McIntosh | Featured Contributor
No doubt you’ve heard the headlines: “Major Company Hit by Huge Data Breach” or “Ransomware Attacks on the Rise”. Not a week goes by without word that there’s been a discovery of a new digital attack or malware on the loose, and what we hear is only the tip of the iceberg. Cyber crime is big business. Over 4000 ransomware attacks a day were reported to the FBI in 2016, and research has estimated the global cost of online attacks will hit $2 trillion by 2019.
The good news is, executives who take on awareness, education, and preparation as a higher priority for all members of their team can lower the business risk of falling victim to attacks. No matter what your line of work, it is imperative to recognize that IT security is part of your job. Fortunately, security doesn’t have to be overwhelming: it’s about paying attention to how we operate, recognizing situations that could expose business intelligence, and taking steps to protect our systems. Learning the terminology is a good step to get started: understanding a little of the basics goes a long way.
Here are six IT security words every person should know:
- Anti-Malware: If computer “viruses” are used by attackers to cause problems, good anti-malware programs are the software equivalent of vaccines. Anti-malware programs on the market vary in price; however, a good product includes automatic updates, e-mail protection, access to technical support, and active scanning, so that the moment a piece of malware tries to make your computer sick, it stops the infection right away. If you use a computer, it should have an anti-malware program installed. If you aren’t sure if one is installed, don’t wait for the attack… check!
- Data breach: Unauthorized access to confidential, sensitive or personalized information. Data breaches are large pain points for organizations, particularly if the information taken can be used for committing fraud or further theft, or given to other unknown parties. A data breach may need to be reported to law enforcement and to customers who have been compromised.
- Patching: An update to software, typically to improve security, that is sent out by the software company for people to install themselves. Patches are developed when weak points in existing programs are found, as a way to prevent attackers from using this entry to get into your system. If your device tells you a software patch is available, be sure to update.
- Phishing: Used in emails that contain a link. This type of security breach often directs individuals to a website that will request their password, or sometimes connects directly to a virus for downloading. Phishing is a common way cyber criminals get into systems. Unfortunately, studies show that a high percentage of people click even when they know the potential dangers; up to 78%! To avoid phishing scams, the best defence is getting into the habit of copying links, even from sources you trust, and running them through a search engine or online virus checker. The extra clicks might take an extra minute of time, but will save hours and costly emergency actions if the link is a fraud.
- Ransomware: A popular new type of hack or virus that encrypts or copies information from the target onto a private server, then deletes the original. Victims of a ransomware attack are told “pay up or lose everything.” Unfortunately, ‘pay up or’ is misleading: there is no guarantee paying the price will get back your data. Evidence shows that doing so will only lead to more attacks. There is, however, a way to protect your interests using the sage, age-old advice of keeping current backups, either on the cloud or on external drives. Don’t let precious memories or hours of work go wasted… be ready if your files get hit by having copies of saved data that can be restored, so you can get back to work.
- Social Engineering: Using a small amount of information to find even more information that can be used to create a personalized attack. Cyber criminals are a tricky bunch and social engineering is one of the more clever tricks. The attacker finds out as much as possible about the target through searches, social media and other methods. The attacker then uses this information to connect with the target’s friend, coworker, or even the target themselves, making it look like the target wrote an email or made a request. The friend, coworker or target clicks the link, answers the request and bingo, they’ve been exposed! It’s underhanded, sneaky, and effective, which is why vigilance is so critical. Check links carefully, and if you ever receive an odd request, follow up with the party independently: a single call or verification check can mean the difference between a secure and a shattered system!
With so many businesses now digitally connected, leaving security to the experts alone is not an option. Everyone needs to learn the basics, so that when security is discussed they can understand what they need to do and where they fit in. Email, document files and the internet itself were all new concepts that professionals learned to accept as part of the job; with a little practice, checking web addresses, updating software and confirming protective measures are in place can eventually become just another part of the routine.
Victoria McIntosh is an Information and Privacy professional residing in Halifax, Nova Scotia. With over six years’ experience, she is committed to assisting clients with the growing challenges of controlling their information resources through strategic information management, data governance, and privacy controls. Victoria has received an honours BA in History from Mount Allison University, an MLIS degree from the University of Western Ontario, and is certified by the International Association of Privacy Professionals as an Information Privacy Technologist. She works best with a fresh cup of coffee in her hands, or a sleeping puppy on her foot.