When you bring to mind someone “hacking” a computer one of the images that likely comes up is a screen of complex code designed to crack through your security technology. Whereas there is a technological element to every security incident, the issue usually starts with a simple mistake made by one person. Hackers understand that it is far easier to trick a person into providing a password, executing malicious software, or entering information into a fake website, than cracking an encrypted network — and hackers prey on the fact that you think “nobody is targeting me.”
Below are some guidelines to help keep you and your technology safe on the network.
General Best Practices
Let’s start with some general guidelines on things you should never do with regards to your computer or your online accounts.
First, never share your personal information with any individual or website unless you are certain you know with whom you are dealing. Hackers often will call their target (you) pretending to be a service desk technician or someone you would trust. The hacker than asks you to provide personal information such as passwords, login ids, computer names, etc.; which all can be used to compromise your accounts. The best thing to do in this case, unless you are expecting someone from your IT department to call you, is to politely end the conversation and call the service desk back on a number provided to you by your company. Note, this type of attack also applies to websites. Technology exists for hackers to quickly set up “spoofed” websites, or websites designed to look and act the same as legitimate sites with which you are familiar. In effect this is the same approach as pretending to be a legitimate IT employee; however, here the hacker entices you to enter information (username and password) into a bogus site in an attempt to steal the information. Be wary of links to sites that are sent to you through untrusted sources or email. If you encounter a site that doesn’t quite look right or isn’t responding the way you expect it to, don’t use the site. Try to access the site through a familiar link.
Second, whether or not you have a Bring-Your-Own-Device (“BYOD”) program at work chances are you will at some point be using a mobile device to conduct to conduct business. Don’t feel that your mobile phone is invulnerable to being compromised. (Every networked device — Apple, Microsoft, Android, Linux, etc. — can be compromised) Mobile hacking is one of the fastest growing areas for exploiting individuals and companies. This is largely because people do not typically have security programs — such as anti-virus software — on their mobile device. Additionally, people often connect their mobile devices to public networks, like those available at coffee shops, hotels, etc. — these networks are not secure. Your best defense against having your mobile device hacked is to install a decent security app and be sure to turn off the Wi-Fi, Bluetooth, and Hotspot settings when they are not in use. Also, try to only install apps from companies you recognize. Further, mobile banking and purchasing apps make life easy, but if you don’t have security software — or if you are conducting a larger transaction — you may want to do it on your computer.
Next, If your computer’s security software pops up a security warning, pay attention to it. Often times we are in a hurry and tend to click through these types of warnings, but that is a mistake. The warning is there for a purpose whether it is a flag indicating that a website is potentially dangerous or a notice that your computer has detected malware. When you see a warning it is best to stop what you are doing, close down any open websites, and call your help desk. You may also want to scan the computer with your security software. However, be careful of “security warnings” that pop-up from websites. If the warning does not look like the warnings you are used to, and does not indicate the name of your security software, it may be a malicious attempt to compromise your computer.
Finally, don’t plug USB drives into your computer unless you know where it comes from and where it has been. Rouge USB drives are a method by which hackers get malicious programs onto your computer. The drive may contain an enticing file that when clicked, loads a virus onto your computer, or in some cases the drive may load the malware simply by being plugged into your USB port. So, if you find a USB lying around it is best to turn it into IT, or throw it away.