Top 8 online threats to cybersecurity: prevention tips and tools
These days, cybersecurity is no longer just a buzzword but something we all have to worry about. With major data breaches on the rise, both businesses and customers must take steps to protect themselves. Here are 8 of the most common online threats out there today and what you can do to avoid falling victim.
Common online threats you need to know about
Phishing is, and remains, top of the list, because phishing is often how other online threats make their way onto your hard drive. Avoid being phished by never opening unsolicited attachments or clicking on links in email, especially email ostensibly sent by a financial institution. Always open the link manually in your browser.
If you get an odd email from a friend, check the headers, as they may have been spoofed. Check with them to make sure they actually sent a link or attachment.
Facebook has also become more of a vehicle for phishing. Infected Facebook accounts may send people malware links through Facebook messaging, so be careful of those links too. If somebody is sending you weird stuff through Facebook messenger, let them know (by a means other than Facebook) so they can secure their account.
In addition to the above suggestions, avoid sites which do not offer HTTPS-secured browsing, easier now than ever with major browsers like Google's Chrome providing a warning to users whenever they click on a non-HTTPS encrypted site. And be sure to add an SSL certificate to your own site to establish secure HTTPS connections which will help protect your users from phishing.
Change all of your passwords and if you think your financial accounts are compromised, talk to your bank. You can also consider putting a lock on your credit so nobody can open new accounts in your name without the lock being lifted first.
The growth of cloud computing may have made some people more vulnerable to ransomware than ever before. In 2017, the WannaCry attack made headlines and crippled the NHS, part of a record level of ransomware threats. These include "wiper" malware, where even paying the ransom will not get your files back.
Ransomware is generally spread through email or through compromised websites. Never open unsolicited attachments (if necessary, check to see if the person really sent the file) or click on links in the email.
Check online to see if there is already a decryptor tool released by cybersecurity firms. Don't pay the ransom, no matter what. Also, keep good, separate backups. Some ransomware will also go after your backups.
Don't click on links in email, as already mentioned. Using an adblocker can help because a lot of cryptojacking scripts run through advertising networks. There are also specific extensions designed to block cryptomining scripts. Run an updated antivirus. If you find a site is running these scripts, avoid visiting it.
Thankfully, cryptojacking does no actual damage to your files, it just wastes CPU time, slows your computer down and may cause hardware wear. Run anti-virus software to make sure you aren't running something outside the web browser.
We already talked about phishing in general, but most phishing attacks work through volume. The scammers will send out thousands, even millions of messages in the hope that a percentage of people will fall for them. Spear phishing is targeting specific individuals, often with the aim of getting into a specific corporate network. The email generally spoofs a friend or a colleague, although it may have been written by a bot, in order to get through somebody's guard.
It's always worth checking that a link or attachment actually came from the person sending it.
If you think you have been spear-phished, warn your coworkers and IT - it may be the lead-in to a worse attack.
Man in the middle attacks are when you think you are sending data to one site, but it is being hijacked and redirected to another. Often this is because of dormant malware that may have been sitting on your system for a while. It looks just like you're entering all of your data on the proper network. Well-designed man in the middle malware can even get past two-factor authentication.
Prevent it by avoiding being phished in the first place and by running up-to-date anti-virus on all devices, including phones.
The Internet of Things promises to increase convenience for everyone, quite dramatically. Unfortunately, when everything in your home is a computer, then everything can be hacked, creating serious cybersecurity risks. Somebody breaking into Alexa to hear everything you say might be creepy, but it is even creepier if you realise they will then know exactly when you are not at home, making you more vulnerable to burglary and physical crime. A networked home is also vulnerable to pranksters who might, for example, mess with your thermostat. In the past, IoT devices have been used to make a botnet to launch a DDoS. Medical devices are a particular issue.
If possible, update the Linux kernel on all of your IoT devices including routers and DVRs as much as you can. Always use a strong password for devices and connected accounts. Adjust device settings so that smart home devices are not randomly listening. Some devices will store recordings until you manually delete them - if this is the case, then make sure to delete them regularly. Change the default name and password for your wireless network, and avoid using your address or name for either. If possible, then change the wake word on your devices to something only you and your family know, making sure to choose a word you are less likely to use in casual conversation.
Change all of your passwords and consider changing the device wake word to something else.
It used to be that you didn't have to worry about viruses on your phone, but this has not been true for a while. Mobile phones should run anti-virus software at all times, and you should only download apps from the actual app store, rather than "sideloading" apps. Although Google and Apple can't catch every instance of malware in an app, they do reduce a fair amount of it. Trojans are the most common way malware gets onto a phone.
Always make sure that your phone is backed up.
With phones, it's often easiest just to wipe the device and reload from backups, but bear in mind that you may reload the malware too. Consider reloading only data and reinstalling apps from the app store. Delete and uninstall apps that give you problems or which you no longer use. Keyloggers are a very common form of mobile malware, used to steal your information.
Adblockers used to be considered rude (and still are in some quarters), but the landscape of the web is such that most people need to run one for their own safety. Poorly-coded ads may not actually be malware, but they may act as such in that they take over your CPU and cause your system to run poorly. "Malvertising" is a growing online threat, and even highly reputable websites may fall victim to advertising networks which introduce malware to their visitors. Some of these ads are programmed to target only people using certain devices (for example, an ad redirecting all MacOS users to a site recommending they download fake anti-malware software) or in certain geographic areas, so the website owner may not know they are there.
Prevent it by running an adblocker. You can always choose to whitelist sites you want to support and trust not to run bad ads.
Stop online threats from compromising your cybersecurity!
In addition to the above prevention strategies, as a domain name registrant you should also use: (1) DNSSEC-validating DNS services, which checks that connections are being made with genuine servers, eliminating hack attacks and redirection to spurious sites; and (2) domain privacy services, which hides your WHOIS domain contact information from identity thieves and other cybercriminals
And don't forget: one of the best ways to prevent all of these online attacks is to get online via VPN. Using a VPN can protect all of your devices from man in the middle attacks, cryptojacking, and a variety of other malicious software and cyber attacks. A VPN will also hide your IP address, which makes it much harder for people to know who and where you are and how to get into your home network.
So, consider adding a VPN - whilst also practicing good cybersecurity practices and making sure not to click on links in that email, even if it looks like it came from PayPal. Or perhaps especially if it looks like it came from PayPal.
Howard Dawson is a technology writer for Strictly Digital, specialising in privacy and security online. As an IT graduate and a writer, he enjoys exploring new topics that are relevant in today’s tech world.