Cybersecurity is an ever-evolving organism and staying ahead of its developments and threats is a challenge. The terminology itself poses its own challenges in understanding this new landscape.
Business Lab defines some terminology to make yourself familiar with and some tips on how yo keep you safe and protected.
The constant effort of keeping all your devices secure, data privacy, and the online world safe from harm can be a daunting task. There is a plethora of reliable solutions out on the web especially if you’re not familiar with the terminology and acronyms.
Here’s a glossary of security terms you need to know to stay safe:
Botnet – A botnet (robot and network) is a network of devices infected by an attacker and then used together to perform tasks such as DDoS attacks (see below), mining Bitcoin, and spreading spam emails. Almost any device connected to the internet, including home routers, can be infected and pulled into a botnet without its owner ever noticing.
Data breach – A data breach happens when a company’s network is attacked and valuable data is stolen – usually personal information, log-in credentials, credit card details, and Social Security numbers. The stolen data can then be abused in myriad ways: held for ransom (see Ransomware below), sold on the darknet, and used to make purchases. Often hackers try to crack email passwords, then test those log-in details on other popular sites, since many people use the same credentials for multiple accounts.
DDoS attack – Attackers use DDoS (Distributed Denial of Service) attacks to render a network unavailable. They do this by overwhelming the targeted machine with massive requests from multiple devices. The target suffers a severely clogged bandwidth, and legitimate connections become impossible. These attacks are typically carried out by botnets (see above).
DNS attack – A “domain name server” attack is a type of DDoS attack that uses specific kinds of query protocols and available hardware to overwhelm a system with incoming queries. A hacker could manipulate publicly accessible domain names and flood the target with large volumes of data packets or requests.
DNS hijacking involves redirecting users to malicious sites through the use of a rogue DNS server. For instance, you’d expect “google.com” to take you to Google’s IP address. Using a DNS hijack, however, cybercriminals can translate “google.com” to their own IP address, redirecting you to a malicious site where they can collect your information or have you download malware. In an attempt to get you to click on a link, DNS hijacks can also deliver altered search results.
Mobile banking Trojans – It looks like your trusted banking app, but that’s just an overlay. Underneath, a mobile banking Trojan tricks you into entering financial credentials and personal information. It can also gain administrative rights to intercept SMS messages, making it possible to record two-factor authentication codes as well.
Open Wi-Fi – Encrypted connections protect you. Open Wi-Fi networks are unencrypted, which is why they’re risky. Anyone can create a fake hotspot and trick your device into joining it automatically.
When you use open Wi-Fi without the protection of a VPN (see tips below), anyone on that network can see the sites you visit, your login passwords, your financial and personal data, and more. Hackers often name their phony Wi-Fi networks after popular spots (like “Starbucks”), knowing that most devices automatically re-join hotspots they’ve used in the past. Hackers can even redirect your unencrypted traffic, sending you to malicious sites.
Phishing – Used by cybercriminals to trick you into giving up sensitive information, phishing scams pose as emails from an organization or person you know. There is usually a link or attachment included, which it urges you to click so that you’ll unwittingly download malware to your system. Sometimes phishing scams look indistinguishable from the sites they’re imitating, and they attempt to trick you into entering your password.
Ransomware – Ransomware is malware that takes hold of your system and encrypts it, sometimes attacking individual files. Attempting to access the encrypted files triggers the ransom note, which claims you are locked out until you make payment. The messages sometimes pretend to be from an official government agency accusing you of committing a cybercrime, which scares many into paying the ransom. Payment is often demanded in Bitcoin.
Spyware – Spyware is malware used by hackers to spy on you, so they can access personal information, bank account details, online activity, and anything else they may find valuable. On mobile devices, spyware can log your whereabouts, read your text messages, redirect calls, and much more.
Tips to keep yourself safe and secure
While it may all sound daunting, employing a few simple strategies will keep almost everything from botnets to Trojans at bay. Here are our top tips:
Install solid security software on every device. Find a reliable and reputable software that prevents malware from infecting your device. Find one with a Wi-Fi Inspector, which scans your home router for vulnerabilities. The paid versions have features that ensure you reach the actual websites you want to visit, and prevents hijacking, thanks to an encrypted connection between your web browser and your providers own DNS servers.
Use strong and unique passwords. Generate secure passwords and change them regularly…
Only download apps from trusted sources. Also, use a smartphone antivirus that blocks Trojans from entering and removes any that already have.
Employ a virtual private network (VPN) if you plan to take advantage of free, open hotspots. A VPN creates a secure, encrypted connection, protects your personal data and your privacy. With VPNs, you browse anonymously and your location can be changed, helping to keep you from being tracked.
Think twice before opening attachments, following links, or sharing sensitive info. Look closely at any email asking you for personal information. If you see a typo or incorrect logo, or anything that puts you in doubt, contact the sender (using a method other than replying to the email) to verify the contents before taking any action.
To prevent ransomware from attacking your system, look into security software that can be installed on all of your PCs.