Frequently Asked Cybersecurity Questions
We've provided straightforward answers to a handful of cybersecurity questions we hear often:
When you connect your devices to the majority of WiFi connections at public places (e.g. coffee shops) you are putting yourself at risk of a potential cyber attack. Without using an encrypted communication method (which most people don’t), any data exchanged along the WiFi signal can be intercepted by others sharing the same connection. This happens more than people think. Cyber criminals have the ability to deploy tools that allow them to monitor and intercept files and passwords that you use. It is recommended to always use caution and never do banking, send sensitive documents or enter passwords while on public WiFi connections.
LaunchTip: Consider using a cellular personal hotspot which is owned and operated by you as an alternative.
Today’s network perimeter has extended outside of the confines of the traditional office. With employees working remotely from home, coffee shops and co-working spaces, the network perimeter has now moved to the endpoint (computer device). The SMB market has seen a shift away from VPN usage therefore leaving these remote users outside of the firewall. With these scenarios additional security layers are often necessary to protect the endpoints.
LaunchTip: Employ next-generation devices that include ongoing behavioral analysis, not just signature based antivirus.
Sending documents through most traditional email solutions is similar to sending a postcard in the mail. It can be intercepted and read by bad actors and attackers since there is no encryption. Another risk is sending the email to the wrong recipient simply by sending the email to the wrong email address. It happens to the best of us. There are cost effective email solutions available which allow users to send emails in encrypted format in order to protect the information.
LaunchTip: All sensitive and confidential documents should be sent in an encrypted format.
Most IP based security camera systems require regular updates and patches as they are released by the manufacturer. Many of these are released based on discovery of security vulnerabilities found in the firmware or software in the system. Unlike most other software solutions that you use on your computer, the majority of on-premise video surveillance systems do not automatically update or notify you when patches are available. This leaves many systems running for long periods of time, unsecure and with vulnerabilities.
LaunchTip: Make sure your service provider implements regularly scheduled and/or ongoing system updates and patches.
Yes, unfortunately all companies, large and small, are at risk of cyber threats and attacks. There is no guaranteed way to prevent a breach and there is no such thing as 100% secure.
LaunchTip: Employ multiple layers of cybersecurity that consider framework, culture, and technology.
Phishing is a method cyber criminals use where they attempt to lure you into clicking a link or attachment with the goal of getting you to provide sensitive personal or company data. These attacks are becoming more sophisticated than ever and often are sent via email, webpages or even SMS text messages. The communication often looks like it is coming from a legitimate source (e.g. your financial institution, a social site, the IRS or similar).
Spear Phishing is a targeted approach with a specific identified user being attached. Often in this methodology a spoofed email will be used that looks almost identical to a normal one that you may receive from a co-worker, customer or vendor. It is very difficult to identify the difference between a real email or a malicious one.
LaunchTip: Always be on the lookout for emails with typos, those insisting urgency or that ask you to click and verify something.
Ransomware is a type of malware that infects a users computer or server. The attacker uses encryption to block the user from gaining access to important files. These files can be customer information, payroll, or any other types of sensitive info inside your organization. The attackers leave a message on the infected machine for the user to find demanding money to be sent, usually in bitcoin to the attacker. The amount of funds can range from small amounts to large.
If your data is not backed up appropriately often the data can not be decrypted, not even by security specialists. This leaves the affected party to often give in and send the requested funds to the attacker. In many cases, the attacker will unlock the encrypted data as they are in the business of extortion and want to be able to have the same results with the next victim.
LaunchTip: Choosing to pay or not to pay is a difficult decision. They key is trying your best to defend against it.
Two-Factor Authentication (2FA) is a second layer of verifying login authorization following the entry of a login/password. For example, entering a code sent via text message, answering a personalized security question, using a fingerprint reader or entering a code generated on a physical token that you carry. Many websites today have Two-Factor Authentication integrated in to their systems, yet many users do not have them activated.
LaunchTip: You can search for websites and how to quickly and easily activate 2FA features at www.turnon2fa.com.