Most reasonably tech-savvy internet users know that there are certain do’s and don’ts when it comes to protecting yourself online. And you’d probably assume that large corporations have water-tight security measures in place to guard their business-critical assets – not to mention their credibility and reputation.
However, any security system is only as strong as its weakest link. Regardless of whether you’re a huge multinational, a small to medium enterprise (SME), or just at home browsing the web on your laptop, the weakest link is always the same: the individual user.
The decision whether to click on a link in an email, open a suspicious word document, or enter a password in an insecure location always comes down to the individual.
Despite corporations spending huge sums of money on employee security awareness training, negligence remains the number one cause of data security breaches. As much as 96% of consumers view employee negligence as contributing to data breaches at US companies.
So, what can you learn from how fraudsters attack businesses and how organizations address the security challenges they face every day? And, how can you apply that knowledge to help keep yourself safe as an individual without the resources of big businesses at your disposal?
The most common business attack vector that we can all learn from
In the world of business cybersecurity, the methods bad actors (hackers) use to attack companies are known as attack vectors. The most common attack vector used to compromise businesses is social engineering using “spear phishing” via email or private messaging.
Social engineering refers to the practice of using deception to trick victims into giving out personal or confidential information that can be used for fraudulent purposes. A spear-phishing attack typically involves the victim receiving a targeted, personalized email or message that has an attachment or contains a link to a website.
Once they click on the link or open the attachment (often a Word document), software is triggered that exploits a vulnerability in their word processor or browser. The software, or “malware” to give it its proper name, allows a hacker to take over their system and look at the files and information it contains.
This common method of attacking businesses is one that hackers also exploit to extract personal credentials, such as usernames and passwords, from individuals for services such as online banking. They also use personal information for identity theft, or they may even hack you just to prove they can!
If you do open a suspicious document by mistake or inadvertently click a link you shouldn’t have, malware will often give itself away. It may cause your hard drive to spin rapidly, a sure sign that a program is executing, and you have possibly been infected.
Other signs of malware infection include:
- Your computer gets dramatically slower
- Ads start displaying on your screen (annoyingly)
- Your computer crashes
- You get lots of popups
- Your browser homepage is changed without your knowledge (very common)
- You notice an increase in internet usage
- Your contacts say they’ve received strange messages from you
- You see icons on your desktop you don’t recognize
- You can’t get access to your control panel in Windows
What to do if you suspect you’ve fallen victim
If you’re unfortunate enough to be infected by malware (or suspect you’ve been infected), here are some basic steps you should take immediately:
Disconnect from the internet
This is a sensible precaution because if you’re no longer connected, thieves can’t steal your information.
Scan your device
Always make sure to have solid, updated antivirus software installed in case you fall victim to an attack. Immediately scan your device to see if it picks up a problem and resolve the issue based on instructions provided by your antivirus supplier.
Make a backup
Before attempting a repair, be sure to back up your data and important files. Making a backup is a good rule of thumb because certain information could get lost in the recovery process and you may need to restore it afterward.
Possibly reinstall your operating system
In the case of a severe attack, it may become necessary to reinstall your operating system completely. This happens when a sophisticated threat hides deep in your system using techniques that your antivirus may not pick up.
Following the example set by businesses
As you can see, fraudsters attack business systems in very much the same way they may attempt to compromise your own personal devices. This means you can safely follow their lead by recognizing that awareness is your first and best line of defense. After all, that’s why businesses invest such large amounts of money in employee security awareness training.
You can beat the fraudsters at their own game by arming yourself with as much knowledge as possible, starting with the information shared in this article.