This the first in a four-part series on Internet security, how to monitor and prevent threats to the computers and networks of a small business, and how to combat breaches when they occur.
“The criminals have gotten much more sophisticated over the last few years,” says Sam Masiello, director of messaging security research at McAfee Inc., which protects computer systems and networks.
“Their intention is to infect your computer so that you don’t even know you’ve been infected.”
Hardly reassuring words for computer users or business owners. Cybercrime continues to flourish for one simple reason: it’s profitable.
Hackers use two broad approaches: Either they sneakily install malicious software on your computer to control it or steal your information, or they trick you into giving up your information voluntarily.
The malicious software can enter your system when you visit a shady website, or open an e-mail attachment carrying a virus. If it infects your machine, it might hand control of your computer over to networks that will rent it out to spammers, who will use it as a junk-mail-sending machine.
Or worse, it might install “key-logger” software that takes careful note of every word you type – usernames, passwords and all – and sends it back to hackers, who can co-opt your online accounts, take your money, and even represent themselves as you to your friends.
None of these things bode well for small businesses, which are often focused on the job at hand more than they are on information security. But there are new responses to these threats. In increasingly perilous seas, how do you stay on course without giving in to paranoia?
Here are some suggestions:
1. Don’t open unexpected attachments, even if they come from friends.
E-mail attachments are a great source of malware. But nowadays, they don’t just come from dodgy strangers, they can come from your best friends.
When certain malware infects computers, it will scan e-mail address books and send malicious messages to every contact, making it appear that the message comes from a friend. Oftentimes, they’ll contain messages such as “Here’s the PDF I said I’d send,” but they’re getting more clever and more subtle all the time.
If someone you know sends you an e-mail with attached files that you weren’t expecting, or that seem strangely generic (“Hey, check out these pictures!”), make contact with the sender first to make sure it’s genuine.
“If it sounds unbelievable, it totally is,” says David Mirza Ahmad, a cyber-security veteran and one of the founders of Subgraph, a Montreal-based security start-up. “Look for cues in the e-mail: Is the e-mail worded a little differently? Is it normal to receive random files from this person? If there’s a file, there should be context.”
In fact, any unexpected behaviour from friends on social networks should be taken with a grain of salt. Social networks are the latest frontier for hackers because they engender so much trust. If a Facebook friend starts posting items they wouldn’t normally post, be careful: their account might have been compromised, and the items might be a trap.
2. Update, update, update.
Even if you never opened another attachment in your life, you can still let viruses in, even by doing something as simple as visiting the wrong website at the wrong time.
The software that runs modern computers is enormous and labyrinthine, and hackers are always finding new holes that they can use to sneak malicious software onto computers – usually by injecting. And software makers such as Microsoft, Apple, and anti-virus makers, are constantly rushing to patch those holes. It’s a never-ending game of cat-and-mouse.
This is why it’s essential to keep your software up-to-date, and up to the minute. You need to update three things: First, your operating system (such as Windows or Mac OS), which receive updates to plug security holes as they’re found. By default, these will install automatic updates – it’s important to let them. Second, your web browser (Internet Explorer, Firefox, Chrome) needs to be up-to-date for the same reason. New versions are free to download. This goes expecially for users of Internet Explorer 6, an older version of the popular browser that was well-known as a security nightmare.
