Basic Cyber Security
Cyber security threats are continually evolving. Viruses, worms, trojan horses, spyware, phishing, adware and scareware have all been around for a long time. Lately, one particular form of malware known as ransomware has been creating havoc with businesses and organizations worldwide.
Ransomware when detonated works by locking up your files using encryption. You are then asked to pay a ransom to get the code that allows you to unlock your files. Lately, some cyber criminals don’t even add value to this “service” they offer. They just take your ransom and don’t give you the code.
Many customers we see during our daily work (and rescues) don’t even have the most basic cyber security measures in place. This article is intended for the non-technical amongst us to assist and educate about the need to protect computer users against these ever-evolving cyber threats.
In every case we have seen so far, the ransomware package has been physically detonated by a human using the endpoint. Ransomware mostly arrives in email as either an attachment or as a link to a malicious or compromised website. It can also be spread from software downloads, websites and advertising delivered over online ad networks.
What can you do?
Educating yourself and your employees are the #1 defense against cyber criminals.
- Three years ago, in the olden days, we used to say don’t open an email or attachment from someone you don’t know. These days that rule still applies, however, we have seen cases of ransomware being “redistributed” to everybody in the victim’s email address book, so it’s not just people you don’t know that you can’t trust.
- Think about that attachment or link you are about to open. Common sense applies. Were you really expecting an invoice from your mother? Were you really expecting that traffic ticket from the police? (Think – how did the Police ever get your email address?)
- If in doubt about an email then phone the person up and ask if they just sent you that attachment. Better to be safe than sorry.
The most basic cyber security needed on your computers and network.
- Every endpoint in your network (Cell-phones, Laptops, Desktops, Servers etc.) must have up to date and functional business grade Anti-Virus software.
- Apply Operating System patches. Manufacturers like Apple, Microsoft and others regularly release patches and updates to fix vulnerabilities that have been discovered (mostly by cyber criminals) in their operating systems.
- Apply application patches. Products like Office, Adobe, Chrome to name but a few, all have vulnerabilities and exploits. As these exploits get discovered patches are released by the manufacturers to remedy the situation.
- Always use the latest version of the operating system available. Whilst Microsoft’s Windows 7 is still around and a good operating system, Windows 10 is inherently much more secure.
- Restrict administrative privileges. Only log in as the administrator to perform administrative functions. Your regular login (and your employees) should only have standard user rights. Why? This makes it harder for malware to be installed, as installation usually requires administrative privileges.
- Backup your data daily. This needs to be business grade and not to a shared drive on the network. Why? Most ransomware will spread to every “share” it can find – too bad if that is your backup. With regards to ransomware the phrase “Backup or Pay up” springs to mind.
Beyond basic – The next level of cyber security measures.
Once the basics are covered off, we can then talk topics like firewalls, VPN, cloud virus and spam pre-filtering of emails, changing settings in software, 2-factor authentication, and an application that detects and stops unauthorized encryption etc. These will give a much more comprehensive solution beyond basic, however “comprehensive” is probably beyond the scope of this document titled “Basic Cyber Security” and would make it rather long and too technical.
How can Computer Troubleshooters help?
- Businesses without their own IT resource will often need assistance in implementing these basic cyber security measures. As an IT department for the small and medium-sized businesses, Computer Troubleshooters can be your IT resource.
- We are able to deploy a management system to your computer(s) and network that keeps a track of your Anti-Virus, Patching, and Backups etc. This system reports to our service desk when things are going away.
- We are able to assist with your staff training, with a presentation and booklets etc.
Technical Stuff/Further Reading
NZ Government Communications Security Bureau – NZ Information Security Manual Download Page