Post #5 in threat types
Hostile software presents a confusing problem for business owners.
It’s hard to visualize the hazards. Words like “worm”, “virus” and “malware” seem interchangeable. Then there is the image of a hacker endless promoted in movies and television.
Let’s make this solution oriented.
There are known measures to protect people just like you. “So how did those other businesses get burned?” you may ask. They got burned for several reasons: Postponing any action, ignoring warnings, not using strong passwords, and so on.
In other words, they did not take the danger seriously. This is human nature: People avoid discomfort.
Here are three mandatory steps to prevent disaster: 1) Use strong passwords, 2) Recognize hostile patterns, and 3) Backups.
Strong Passwords“A strong password consists of at least six characters (and the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.) if allowed. Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase. Strong passwords also do not contain words that can be found in a dictionary or parts of the user’s own name.” —webopedia.com The common complaint is “I can’t remember that.” OK, that’s a real problem, so here are several solutions… 1) Find an effective way to memorize the password. Here are one idea from Small Biz Trends: Tip sheet. The only person that can understand the tip is you. For example, using the password Mntgmr215$ from item #3 on this page, the tip sheet might say “Alabama, school#, quad-up” Deciphered: The U.S. State with the city Montgomery, a number/numeral that represents the year you left for college, and quad means four while up means uppercase to get the $ symbol. 2) Let good password-management software remember it for you. Products like Dashlane, LastPass, and others are very effective. A few even offer a free version. If you are expected to keep track of multiple strong passwords, you are probably ready for a password management tool. These are easy to find online via our Sources list below. 3) Create a password that contains clues but is still strong. Example: You grew up in a city named Montgomery, left home for college in 2015, and you own four/4 pets. First, take the city name and change it from a word to a text string. Now drop the zero from the college year to get 215. And if you find the number four (four pets) on a keyboard, holding the shift key makes that a dollar sign/$. So your password might be Mntgmr$215 or Mntgmr215$. Either one is at least six characters and has the other “strong password” traits. Done!
These patterns can be events, or a single item seen on your computer. Here is an example pattern. Behavior: Your system logs shows a sudden spike in internet activity. Plus, it took place two hours before most people showed up for work. Here are more samples from DigitalGuardian.com:
- Unusual Outbound Network Traffic
- Anomalies in Privileged User Account Activity
- Geographical Irregularities
- Log-In Red Flags
- Increases in Database Read Volume
- Large Numbers of Requests for the Same File
- Mismatched Port-Application Traffic
- Suspicious Registry or System File Changes
- Unusual DNS Requests
- Unexpected Patching of Systems
- Mobile Device Profile Changes
BackupsRegular backups to a secure location can save your life. Please talk to a professional tech person about ways to automate your regular backups. And, find a good spot that is only used to hold your backups. There are online and off-line options, as well as tools that are either free or paid. Not satisfied with this “short list”? Here’s an extra tip: Don’t let team members undermine good advice. In other words, don’t create a strong password and then write it down somewhere. That invites disaster. Resist the temptation. Find ways to make security training fun. Still want free advice from Realize? Think like a crook. Hopefully, this is a stretch for you. Let’s try it. Assume you have used method #3 to create a strong password. But, your managers want you to change it once a year. You know that hackers take advantages of habits that people normally have. So, use a word that is not a geographic location, then use a number that is not a year, then use some other type of symbol that is not often seen.
Understand the lingoWell, there is your solution oriented approach. Let’s end with a breakdown of the original terms: From SUCURI.NET …
Virus A computer virus functions very much like a parasite, replicating itself infinitely or until its programmed task is complete. Its purpose is to hide within an application, so it must be activated by the user. Worm A worm has the ability to delete and/or replace something with something else. Its objective is to destroy a system as it moves along from one system to another. It can also replicate itself. Trojan A trojan is the term for any application (including web applications) that houses malware. Now the application may do what it is designed to do, but will reveal its true intentions when it releases a malware attack upon the system once activated through the installation process. Scareware This malware generates an obnoxious (and sometimes flashing) alert that pops up on the screen to inform the user that their system is infected, urging them to purchase the advertised anti-malware product to remove it. Spyware Spyware is a type of malware that hides in the background of a system and records personal information – such as visited sites, financial information, or keystrokes. Adware and Pop-up Ads Adware is a type of malware that usually works in conjunction with spyware. It can track a person’s browsing or purchasing habits through the spyware and then constantly display advertisements that reflect those habits in a frequent and irritating manner.
To learn about other threat types, check out these free Realize articles:
Sources:Remembering passwords Password Managers Hostile Patterns Best Backup Software
Photos courtesy Unsplash