Is your business a target for cyber crime? Some business owners feel they are too small to be noticed, but you do have something cybercriminals want — your business and customer information. No computer security system is absolutely foolproof and no business is too small that it could not be targeted. The best way to protect your business is to be aware of the threats, have a plan to deal with them and know what to do if you are attacked.
Computer security threats
In order to protect your computer or network, you need to know about the threats that your business could face. Awareness allows you to prepare for these threats and have an action plan in place.
The term malware is short for "malicious software". Malware is any software that can change or degrade the performance of your computer, or that allows third parties to steal information from your computer. Some of the better known types of malware are listed below.
- Spyware monitors how you use your computer and tells a third party what websites you go to, who you communicate with, what online purchases you make and other online habits you have.
- Virus/worms can infect your computer and then try to infect other computers. These infections can be used to access your secure data, crash your computer, or send spam emails.
- Keylogger records everything that is done on your keyboard, including the entering of usernames and passwords, credit card information, and banking information.
- Rootkit hides the presence of malware or allows someone else to take over your computer entirely.
- Trojans trick you into letting something unwanted invade your computer, such as a virus or rootkit.
Identity theft is one of the more lucrative activities of cyber crime. The method used to steal your information is called phishing. The most successful method of phishing is getting you to give up your personal or business information.
Here are some examples of potential phishing messages:
- A generic greeting, such as "Dear Customer" — the message could be for anyone
- Asking you to act quickly or face consequences — "Your account will be closed if you do not do as we ask right away"
- Errors in the message — misspellings, poor grammar, incorrect punctuation
None of these signs are absolute. Cybercriminals change their methods often. A type of phishing called "spear phishing" can be directed at specific organizations. It will not have a generic greeting.
A botnet is a network of computers set up and used by cybercriminals. They do not own the computers in their network; you do. The cybercriminals can use a botnet to send out spam emails, process stolen data, or store illegal files. A botnet can also be used in a denial-of-service attack against your business or organization.
Some signs that your computer might be part of a botnet are:
- Your computer is slower than normal or you keep losing space on your hard drive
- Some of your disk drives are inaccessible and your computer often crashes, freezes or reboots
- Your Web browser looks different or your home page keeps changing
- Your modem is very busy even when you are not using the Internet
How threats can reach your computer
The modern computer criminal is not a hacker. Computer expertise is not needed to access your computer. The software needed to spread malware can be bought "off the shelf".
The most common ways for malicious software or malware to get into your computer are:
- Spam — unsolicited emails that can be anything from advertising to joke emails
- Peer-to-peer file sharing — transferring files directly between computers across the Internet
- Websites — visiting a website that redirects your browser to install malware on your computer or to click on a malicious link
- Flash drives, removable hard drives, CD-ROMs — if these are infected, they can get past firewalls and spread the virus
New ways of infecting computers are being invented all the time. As one method stops working, others are developed. You need to be aware of how you can protect your business information.
There are many ways to protect your computer and your network. None are completely foolproof, but using them will help to protect your computer and your business information.
- Routers — If you have a computer network, you are probably using a router. Even if you only have one computer a router can give you a layer of protection.
- Data backup — Backup your important files on a regular basis. Keep this data on a separate file system. It will reduce the impact malware can have on your computer.
- Firewalls — A firewall is a barrier you put between your network and other networks, including the Internet.
- Anti-virus and anti-spyware — These are programs that will hunt down and isolate or remove malware that gets into your computer.
- Administrator's account — Do not use the default account of your operating system. This account has full control of your operating system. Create a user account for everyday use. Keep your work computer for business data only.
A password allows your computer to verify that it is really you that is logging in. Don't use family names, pets' names or ones that can be easily guessed. Below is information on what may help make your password more secure.
- Use a different password for each application or service
- Use numbers and other characters or symbols, as well as capital letters
- Use more than the minimum number of allowed characters
- Don't give your password to anyone and don't let anyone see you type in your password
Being smart about how you use your email can help you stop access to your computer. Here are some pointers to think about when you access your email.
- Do not open any attachments if you do not know the source.
- Even if you know the source, save attachments before opening them. Saving gives your anti-virus protection a chance to do its job before your computer can be infected.
- Use the anti-spam features that your email program, security software and Internet service provider give you.
- Suspect any email that calls on you to act quickly.
- Be cautious about forwarded emails. Even if a forwarded message is legitimate, it could still hold malware if it is a chain email.
No matter how your business uses the Web, it only takes one visit to a malicious website to compromise your business information. There are ways to reduce the risks.
- Do not type addresses directly into the address bar; a simple typo can mean access to a dangerous URL.
- Be suspicious about requests for business or personal information.
- Log out of websites when you are done.
- Be cautious about letting your browser remember your passwords.
Are strange things happening when you use your computer?
If your computer seems slower than normal and you see strange screens and warnings when you boot up, these could be signs that your computer is infected by malware. Don't feel that your computer's behaviour is something that you have to put up with, but it is something that needs to be investigated. Do not ignore changes to your computer's behaviour! Even something as simple as running a full anti-virus scan, when you see something strange, can potentially save you from catastrophe.
Computer security reminders
- Keep public access computers on a separate network
- Lock your computer when you are away from it
- Establish secure rules about using computers at work
- Delete sensitive data
What to do if you are attacked
If you think you are a victim of cyber crime, contact your customers and partners, and the police.