A checklist against cybercrime
The following checklist and advice against cyber crime has been compiled from a collection of experiences and expert advice. It provides a good measure of what needs to be done to fight cyber crime, along with some proactive measures needed to stay protected. Our checklist is based on best practices from the 2016 Internet Security Threat Report (ISTR).
Types of Cyber Crimes
Every crime committed over the Internet is referred to as a cyber crime. These crimes take several forms. Below is a list of the most common:
Hacking: This is a type of crime wherein a person's computer is broken into so that his personal or sensitive information can be accessed. This is different from ethical hacking, which many organizations use to check their Internet security protection. In hacking, the criminal uses a variety of software to enter a person's computer and the person may not be aware that his computer is being accessed from a remote location.
Theft: This involves the violation of copyrights and downloading of music, movies, games and software. There are even peer sharing websites which encourage software piracy and many of these websites are now being targeted by the FBI. Today, the justice system is addressing this cyber crime and there are laws that prevent people from illegal downloading.
Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and emails. Typically, these stalkers know their victims and instead of resorting to offline stalking, they use the Internet to stalk. Sometimes, they combine offline stalking with cyber stalking to make the victims' lives more miserable.
Identity Theft: In this cyber crime, a criminal accesses data about a person's bank account, credit cards, Social Security, debit card and other sensitive information to siphon money or to buy things online in the victim's name.
Malicious Software: This involves the use of Internet-based software or programs to gain access to a system in order to steal sensitive information or data, or to cause damage to software present in the system.
Child soliciting and Abuse: In this case, criminals solicit minors via chat rooms for the purpose of child pornography.
How to Check Cyber Crime
- Ensure all devices allowed on company networks have adequate security protections.
  - Use active monitoring and configuration management to maintain an up-to-date inventory of devices connected to the enterprise network. This includes servers, workstations, laptops and remote devices.
- Implement a removable media policy.
  - Where practical, restrict unauthorized devices such as external portable hard-drives and other removable media. Such devices can both introduce malware and facilitate intellectual property breaches, whether intentional or unintentional. If external media devices are permitted, automatically scan them for viruses upon connection to the network and use a data loss prevention (DLP) solution to monitor and restrict copying confidential data to unencrypted external storage devices.
- Be aggressive in your updating and patching.
  - Update, patch, and migrate from outdated and insecure browsers, applications, and browser plug-ins. This also applies to operating systems, not just across computers, but mobile, ICS, and IoT devices as well. Keep virus and intrusion prevention definitions at the latest available versions using vendors' automatic updates.
  - Most software vendors work diligently to patch exploited software vulnerabilities; however, such patches can only be effective if adopted in the field. Wherever possible, automate patch deployments to maintain protection against vulnerabilities across the organization.
- Enforce an effective password policy.
  - Ensure passwords are strong and at least 8-10 characters long with a mixture of letters and numbers. Encourage users to avoid re-using the same passwords on multiple websites, and sharing of passwords with others should be forbidden. Passwords should be changed regularly, at least every 90 days.
- Ensure regular backups are available.
  - Create and maintain regular backups of critical systems, as well as endpoints. In the event of a security or data emergency, backups should be easily accessible to minimize downtime of services and employee productivity.
- Restrict email attachments.
  - Configure mail servers to block or remove email that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files. Enterprises should investigate policies for PDFs that are allowed to be included as email attachments. Ensure that mail servers are adequately protected by security software and that email is thoroughly scanned.
- Ensure that you have infection and incident response procedures in place.
  - Keep your security vendor contact information handy, know who you will call, and what steps you will take if you have one or more infected systems.
  - Ensure that a backup-and-restore solution is in place in order to restore lost or compromised data in the event of successful attack or catastrophic data loss.
  - Make use of post-infection detection capabilities from web gateway, endpoint security solutions and firewalls to identify infected systems.
  - Isolate infected computers to prevent the risk of further infection within the organization, and restore using trusted backup media.
  - If network services are exploited by malicious code or some other threat, disable or block access to those services until a patch is applied.
- Safeguard your personal information when using an unsecured, public connection by avoiding apps or websites that require your password. These are the types of connections accessed in airports, hotels, coffee shops and libraries.
- Manage your social network privacy by reviewing the latest changes to privacy settings, and be sure you are using these settings properly. Hide your e-mail address from online profiles.
- Disposal of older computers is another source for the theft of data. Remember that when you delete files, the information is not actually erased. The hard drive should be overwritten or physically destroyed. Never dispose of a computer that hasn't been secured. Your information could end up in the hands of a criminal.
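The "Restrict email attachments" item above can be prototyped with Python's standard `email` package. This is an added example, not code from the original article: the function names and the sample message are constructed for illustration, and it goes slightly beyond the text by also catching double extensions, mixed case, trailing dots and attachments nested inside other MIME parts.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the checklist names as commonly used to spread viruses.
BLOCKED_EXTENSIONS = (".vbs", ".bat", ".exe", ".pif", ".scr")

def is_blocked(filename):
    """True if the attachment name ends in a blocked extension."""
    if not filename:
        return False
    # Case-insensitive; Windows ignores trailing dots and spaces in names.
    return filename.strip().rstrip(". ").lower().endswith(BLOCKED_EXTENSIONS)

def strip_blocked(part, removed):
    """Recursively drop blocked attachments from a parsed message, in place."""
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        name = child.get_filename()  # decodes RFC 2231 encoded names
        if is_blocked(name):
            removed.append(name)
        else:
            strip_blocked(child, removed)
            kept.append(child)
    part.set_payload(kept)

def filter_message(raw):
    """Return (cleaned message bytes, list of removed attachment names)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = []
    strip_blocked(msg, removed)
    return msg.as_bytes(), removed

def attachment_names(raw):
    """List the attachment filenames present in a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def build_sample():
    """Constructed sample message with one benign and two blocked attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("report.pdf", "invoice.pdf.EXE", "notes.scr."):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

A name-based check like this complements the content scanning the same checklist item calls for; it does not replace it, since a file can be renamed to an allowed extension.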
Additional Tips and Measures
Find out which kind of attacks hackers use most often in social media.
Users that spend a lot of time on social networks are very likely to click links posted by trusted friends, which hackers use to their advantage. Here are some of the most popular types of cyber attacks directed at social media platforms:
- Like-jacking: occurs when criminals post fake Facebook like buttons to webpages. Users who click the button don't like the page, but instead download malware.
- Link-jacking: a practice of redirecting one website's links to another, which hackers use to send users from trusted websites to malware-infected websites that hide drive-by downloads or other types of infections.
- Phishing: the attempt to acquire sensitive information such as usernames, passwords, and credit card details by posing as a trustworthy entity in a Facebook message or Tweet.
- Social spam: unwanted spam content appearing on social networks and any website with user-generated content. It can appear in many forms, including bulk messages, profanity, insults, hate speech, malicious links, fraudulent reviews, fake friends, and personally identifiable information.
How it affects you and what you can do to get protected:
- Don't click any strange links.
- Educate yourself about how cyber attacks look and work on social media platforms and learn how to protect your Facebook, LinkedIn, Twitter and Instagram accounts.
- Install a solution that can protect you against malware and dangerous web locations.
99% of computers are vulnerable to exploit kits
Cyber security fact: Oracle Java, Adobe Reader or Adobe Flash is present on 99% of computers. That means that 99% of computer users are vulnerable to exploit kits (software vulnerabilities).
This is because the vulnerabilities that these types of software often present are extremely critical: all it takes is one click on an infected advertising banner to give a hacker full access to your computer.
Adobe Flash has a huge number of vulnerabilities, so cyber criminals target it in the majority of their attacks. By using these security holes in Flash, attackers can infect your computer.
The rise of exploit kits-as-a-service and the increasing use of automation has led to more sophisticated and aggressive attacks. Without adequately protecting your browsers and your entire system, you'll leave yourself vulnerable to a huge range of cyber threats.
How to get protected:
- Keep your software updated at all times or install a solution that does that automatically and silently.
- Keep your operating system up to date.
- Protect your system proactively from cyber threats by scanning incoming and outgoing Internet traffic.
Beware of Insider Threats.
You may be surprised to find out that a shocking 59% of employees steal proprietary corporate data when they quit or are fired. But there are more types of insider threats to get protection against:
- Malicious insiders are the least frequent, but have the potential to cause significant damage due to their level of access. Administrators with privileged identities are especially risky.
- Exploited insiders may be tricked by external parties into providing data or passwords they shouldn't.
- Careless insiders may simply press the wrong key and accidentally delete or modify critical information.
These types of security risks are being acknowledged by companies everywhere, and strategies are being put together to mitigate them.
How to get protected:
- If a soon-to-be-ex-colleague decides to do some damage before he/she leaves the company, make sure your work goes unaffected.
- Be careful how you manage your passwords: use a password management application, use strong passwords and change them regularly.
- Protect your shared documents and keep updated backups of all the information you're working on.
Cyber criminals' favorite way to manipulate victims
People are the weakest link when it comes to cyber security, which is why psychological manipulation of cyber attack victims.
How to get protected:
- Always check the recipient of an email and the source of a message.
- Don't click any strange links and know what a phishing attack looks like.
- Don't install software from untrusted sources.
- Don't trust people blindly and don't give away confidential information to strangers.
While you check off these best practices, make sure that your security solutions are updated regularly.
Know how to respond in the event of a data breach.
It's important to constantly test not only your security technology but also the teams that manage the solutions to stay ahead of threats.
What else would you suggest to keep the cyber criminals at bay? Do give your contributions and comments.