Thursday, October 1, 2015
Avoiding Cyber Attacks
For many years, hackers attempted to access networks and data with viruses that could automatically move, replicate, and embed themselves on new computers. Today, network security, firewalls, and anti-virus software have rendered most of these attacks ineffective. But that does not stop hackers. They have moved on to the next weakest link -- you.
Most current system attacks trick unwitting users into allowing hackers and malware into the system. Once embedded there, the hacker can invite in other malware and begin to do real damage to a network. Therefore we must all be vigilant against potential threats to our network. There are several issues that everyone should consider:
Email providers have gotten pretty good about preventing dangerous attachments from getting through. But they are not foolproof. If you get an attachment that looks suspicious, have someone from IT take a look at it. Often, you can view a document without opening it. If the sender or the document itself says that viewing it properly requires granting a permission, or enabling macros, that is a big red flag to stay away.
Because many email providers block dangerous attachments, hackers may include a link asking you to connect to a web site. That site may be infected. If a link looks suspicious or is even unfamiliar to you, question whether you should click on that link. If the link has a "php" in the address, that means it is designed to run a script. Sometimes this is legitimate, but often not. It requires closer scrutiny.
Just because you know the sender, that does not mean the message is safe. Many times, hackers will access the email account of an innocent party, then send emails to everyone in the address book. We recently had one hacker who remained connected to the account, responding to questions about the email and saying it was legitimate and that the recipient should go ahead and click on the link. Poor grammar is often a tip-off, but not always. If you are not sure, pick up the phone and call the sender.
If a site asks you to enter any name or password where you do not usually do so, that is a red flag. A Google site, for example, should see you are already logged in and not ask again. Hackers often create sites that look like a legitimate site, just to steal your name and password. If you must create an account at a new site, be sure to use a name and password different from what you use for other sites.
If you go to a site and something strange happens, let IT know about it. Years ago, a hack would be obvious right away as you were bombarded with advertising or had other immediate problems. Sophisticated hackers today install malware that has little impact on you, but can turn your computer into a "zombie" used for distributing malware to others. It is often a good idea to have someone run a couple of scans on your PC to make sure all is well.
If you think your home computer or other device may be infected (yes, phones and tablets are vulnerable), please don't connect to our network via VPN or use the firm's WiFi. Your device can act as a Trojan horse, bringing malware inside our firewall to be released on the network. If you ask, we can recommend several anti-malware programs to run and check out your home computer.
Never give your password to anyone, either via email or over the phone, unless their names are Mike, Mary, Lucy, or Bode. No one from Google will ever ask for your Gmail password. No one from Microsoft, Apple, your bank, your broker, or any other outside company should ever request that sort of information. If an outside vendor requests that sort of information, get their name and say you will call them right back. Then call the company's main number and ask to be transferred to that person. Do not just call a number that the caller gives you. Do not rely on caller ID, which is easily faked.
In short, stay alert. If something looks suspicious, get a second opinion before acting.