In today’s world, your small business and personal information is about as valuable as gold. Hackers, spammers and other nefarious folks are always on the hunt for insecure methods for gaining access to your data solely to make money. Don’t kid yourself—this is Big Business, with capital Bs!
Knowing how cybersecurity affects you is critical not only while you’re at work but also at home or on the road with your smartphone.
A recent Pew Research Center survey and report shows that less than half of internet users in the United States know about cybersecurity. In fact, most people, which Pew calls “a substantial majority,” were able to answer only two of the 13 questions correctly. The report shows that while most people can identify what a strong password is and understand the perils of using a public wi-fi connection, they struggle with understanding other key aspects of cybersecurity.
Take the Test
Stop a minute and take the test and see how you compare to other Americans. Then come on back and continue reading this blog post. We’ll wait for you. And don’t cheat—take the test first.
Now that you've taken the test, let’s look at some terminology from the test to help you understand best practices for cybersecurity.
- HTTP versus HTTPS—HTTP stands for Hypertext Transfer Protocol, and HTTPS stands for Hypertext Transfer Protocol Secure. Basically, this protocol is what allows you to send and receive information over a computer that is attached to the internet. This includes any communication—surfing the ‘net, checking your bank account, sending e-payments, etc. When you see a website address starting with HTTPS, your information is being encrypted, which is the process of encoding it so only authorized parties can read it while it travels between your computer and the website. It’s important, when you are banking, using credit cards online or doing similar activities, to first ensure you are on an encrypted website. You can do that by looking at the website address and ensuring it begins with HTTPS. Keep in mind that HTTPS only protects the connection; it does not tell you who runs the site, so also check that the domain name in the address is the one you expect.
- Phishing—This is when a hacker or spammer tries to impersonate a real person or entity, primarily in an email, and sends you to a fake website that looks real. For example, you get an email that says it’s from the Internal Revenue Service (IRS) and you need to click the link and provide your personal information to collect your refund. (FYI, the IRS doesn’t do that.) When you receive emails that ask for personal information—either with a link to click on or even with a phone number for you to call—take note. Likely, it is a phishing scam. Most major banks, retailers and other entities allow you to report such attempts so they can take action to warn other customers. Simply look at the Contact Us page that most websites have and see if there's an email address listed for reporting phishing attempts. (Most times, it's phishing@ or spam@ or something similar.) Then forward the suspicious email to that address to report the phishing attempt.
- Botnet—This is a set of computers or other internet-connected devices that have been compromised and perform tasks under a remote operator’s control. The term combines robot and network. Typically, botnets are used by hackers to carry out a distributed denial of service attack (see DDoS below), steal data, send spam and sometimes even allow an outsider to access and control another device—such as your work or home computer or even your internet-connected home thermostat, etc. (You may also want to read our blog post on Smart Devices, IoT and the Threat to Small Business.)
- Rootkit—This is the software counterpart of a botnet: where a botnet is a collection of hijacked machines, a rootkit is hidden software on a single system. The hacker seeks to obtain administrator (or “root”) access to a system so that he or she (or an automated tool) can install the rootkit and basically take full control of the system. The sneaky part is that it can hide and wait until sometime in the future before taking control—it is often hard to detect, and removing it can be extremely difficult or almost impossible. Make sure you are running anti-virus and other protection software and—most important—that it’s up to date! In a business setting, a firewall and appropriate security software can help block botnet access.
- DDoS—A denial of service (DoS) is when a hacker takes control of a machine or network and renders it unavailable by blocking its internet protocol (IP) address, which is the address of a computer (the equivalent of your house number and street name). Usually hackers accomplish a denial of service by flooding a legitimate website with so much incoming traffic and so many requests that the system can no longer respond. A distributed denial of service (DDoS) is when the cyber attack comes from many IP addresses at once (often the machines of a botnet), which makes it much harder to stop by blocking a single address.
- OS—This stands for operating system, which is the software that manages your computer hardware and software. There are various operating systems today, including Microsoft Windows, macOS (by Apple) and Linux for computers, and Android (by Google) and iOS (by Apple) for smartphones and tablets. The key here is to make sure that your operating system software is kept up to date. Most operating systems provide services that automatically update your OS—so don’t disable this ability. Many OS updates fix bugs, including security flaws that cyber attacks exploit.
- Two-factor (or two-step) authentication—This is a login method that requires a user to prove in two different ways, usually on different devices, that he or she is actually authorized to access a computer or account. Typically, two-factor authentication requires something you know (such as a password) as well as something you possess (such as your phone), and potentially something inherent, such as your fingerprint. (Read Entech’s blog post about two-factor authentication to learn more about what it is.) One simple example of two-factor authentication is banking—when you withdraw money from a cash machine, you need your bank card as well as a personal identification number (PIN). In a business setting, using a secure-access product such as Duo can help prevent unauthorized access to your data and applications.
- Captcha—This is a method of authentication that tests whether the requestor seeking access to a computer system is actually a human and not a robot. It asks the requestor to enter the letters and numbers shown in an image, where those letters and numbers are distorted so that they are hard for a machine to read.
- Ransomware—This is the software that a hacker manages to get installed on a device (your computer, your smartphone, etc.) and holds your information hostage until you pay money (a ransom) to get it back. See Entech’s blog on ransomware to learn more about that.
- Spam—This is an unsolicited message—often advertising—that you get in email or on your mobile phone, etc.
- Private browsing—This is a setting on most internet browsers that enables you to turn off the logs that contain your browsing history (e.g., where you visited on the internet), the web cache (the place on your computer that stores the documents, pages and images served up during your browsing) and cookies (simply put, small pieces of data stored on your computer so a site can remember your visit). When you use private browsing, you have some level of privacy, but you should be aware that your internet provider may still have access to information about the places you’ve visited while in private browsing mode.
- Smartphone GPS—The Global Positioning System (GPS) is a system that allows devices to receive information from satellites to identify a geographical location. When it comes to your smartphone, most have some type of GPS location capabilities, which you can turn off. However, the key thing to remember here is that even if you turn off GPS on your mobile device, it may still be capable of providing geographical information anyway.
- Public wi-fi—Wi-fi or wifi refers to wireless networking. It allows computers and other devices to connect to the internet without having to be physically plugged into a system that is connected to the internet. Public wi-fi just means that instead of being on your home or work network and connecting to the internet, you are connecting to the internet on someone else’s open or insecure network. What this means is that anything you do while on public wi-fi is potentially visible to anyone else on the network—whether they are visible to you or not. Take care when on public wi-fi not to sign into accounts, access your bank account, read email or do anything similar that would enable someone else to steal passwords, account information or any other identifiable information.
- Virtual Private Network—A virtual private network (VPN) is a private network that is separate from a public network (such as the internet). Many companies use a VPN, for example, to run an intranet—a website that is accessible only to employees. A VPN provides some level of privacy to your personal or business information: on public wi-fi, for instance, a VPN encrypts your traffic between your device and the VPN server, so others on the same network cannot read it.
- Key logging—This is a method someone uses to capture, record and log the keys being struck on a keyboard, typically without the person typing being aware that his or her actions are being monitored. Keyloggers can be either hardware or software based. Be careful never to leave your computer or other device unattended in a public location where someone could install a keylogger without your knowledge.
- De-anonymization—This is the process of restoring data that was anonymized (scrubbed clean to remove all personally identifiable information such as your name, address, Social Security number, account numbers, etc.).
It’s not always easy to identify threats to your personal or business information, but when in doubt, don’t click on links in emails from people you don't know or provide sensitive information on the telephone to anyone you don’t know.
Find out whether or not you potentially have security issues by clicking on the link below to download "The Ultimate SMB IT Security Checklist."