
Cybersecurity FAQ

Everyone is familiar with the term cybersecurity, but what does it really mean?

Cybersecurity is the protection of your information, stored in and transmitted across computer networks, from external threats through the use of technology and behavioral changes that adopt best practices and processes.

How do people access my information that is stored digitally?

Basically, they get it by compromising a system's security features and creating a way to access it remotely. This is normally done by tricking a person into giving them access. The typical pattern starts with opening something on a device from an untrustworthy site, an email, or a storage device that has been infected. Then you either give them sensitive information or you get malware, which can cause all kinds of problems, up to blackmailing you for the return of access to your files.

What is phishing?

Phishing is sending people emails or messages on social media asking them to click something. When you click on the link, it sends you to a site that looks like one you trust and asks for your user ID, password, and maybe credit card information. Phishing can also be used to install malware directly onto your computer by having you download a file.

What is malware?

Malware is software meant to disrupt your system by slowing it down, making it crash, locking access to files, or causing a number of other issues. It typically comes from downloading a malicious file from an email or website, or from a corrupted external device connected to the system. The most intrusive malware is ransomware, which encrypts your files and requests a payment, typically via cryptocurrency, for the return of access to your files.

Are there other types of cybersecurity threats?

There are many types of attacks. Distributed Denial of Service is basically making a website crash so customers and employees can't use it. Many WordPress sites are getting malicious code that prevents them from showing on Google due to violations. This is a cross-site scripting attack and can help hackers obtain cookies from people who visit the site. Another type of attack that has become commonplace is a brute force attack. This kind of attack can work by using a combination of hardware and software to attempt to figure out the password and gain entry. There are many others, but these are just a few.

What can I do to help protect my business from cybersecurity attacks?

While you can't do anything to completely prevent cyber security attacks, the following are some best practices:

  1. Keep all systems updated.
  2. Train employees on proper cyber security practices.
  3. Use security endpoint protection software like Webroot, the preferred endpoint software of Maryland Computer Service.
  4. Have a backup and disaster recovery plan in place. This will give you the ability to recover in the event you are compromised.
  5. Use qualified third-party IT management to assist you in achieving cyber security best practices.
  6. Avoid common and default passwords.

What else can be done to prevent phishing?

Some other things that can be done to avoid phishing include:

  1. Office 365 has many options to help prevent phishing but they need to be configured above and beyond just setting up email. Contact us to learn more.
  2. Hover over links before clicking to verify they are legit.
  3. Use DNS filtering solutions to block known threats.

What can I do to prevent brute force attacks?

  1. Set up multi-factor authentication using your cell phone or other device.
  2. Get rid of log-in credentials where unnecessary.
  3. Use CAPTCHA to require a person to manually try to get in the system.
  4. Use progressive lockouts. They prevent further attempts for longer periods of time with each failed attempt.
  5. Use premium VPNs as they allow for much better security than free Remote Desktop Protocols.
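
To show how a progressive lockout behaves, here is an added Python example (not code from this page or from any product it names). It assumes failures are tracked per account in memory, a few free attempts are allowed, and the lockout doubles up to a cap; the class name, parameters and the account name are hypothetical.

```python
import time

class ProgressiveLockout:
    """Lock an account for longer after each failed login (illustrative sketch)."""

    def __init__(self, base_seconds=30, max_seconds=3600, free_attempts=3,
                 clock=time.monotonic):
        self.base = base_seconds      # length of the first lockout
        self.max = max_seconds        # upper bound on any single lockout
        self.free = free_attempts     # failures tolerated before any lockout
        self.clock = clock            # injectable so tests need not sleep
        self._state = {}              # account -> (failure count, locked-until time)

    def seconds_remaining(self, account):
        _, until = self._state.get(account, (0, 0.0))
        return max(0.0, until - self.clock())

    def _record_failure(self, account):
        count, _ = self._state.get(account, (0, 0.0))
        count += 1
        over = count - self.free
        # Double the lockout with every failure past the free attempts, up to the cap.
        delay = 0 if over <= 0 else min(self.max, self.base * 2 ** (over - 1))
        self._state[account] = (count, self.clock() + delay)
        return float(delay)

    def attempt(self, account, verify):
        """verify: zero-argument callable returning True if the credentials match.

        Returns (status, wait_seconds) with status 'ok', 'failed' or 'locked'.
        """
        wait = self.seconds_remaining(account)
        if wait > 0:
            return ("locked", wait)   # credentials are not even checked while locked
        if verify():
            self._state.pop(account, None)   # success clears the failure history
            return ("ok", 0.0)
        return ("failed", self._record_failure(account))


if __name__ == "__main__":
    now = [0.0]                       # fake clock so the demo runs instantly
    guard = ProgressiveLockout(free_attempts=2, clock=lambda: now[0])
    for _ in range(5):
        status, wait = guard.attempt("alice", lambda: False)  # constructed account name
        print(status, wait)
        now[0] += wait                # wait out the lockout, then try again
```

Because the lockout is keyed on the account, repeated bad guesses also delay the real owner, which is one reason to pair it with the multi-factor and CAPTCHA items above.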

How can I protect my company against Distributed Denial of Service?

  1. Have redundancy.
  2. Utilize the cloud to give flexibility to the amount of traffic you can handle.
  3. Create a plan for a worst-case scenario.
  4. Monitor for unusual activity.

How do I protect against Cross-site scripting?

  1. Make sure your site code, themes, and plug-ins are currently supported.
  2. Run checks on your website to verify that you don’t have any other known vulnerabilities.
  3. Use the HttpOnly cookie attribute on your site to prevent JavaScript from using cookies. NOTE: This could cause parts of your site to stop working properly. Only have a qualified developer do this.
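
The HttpOnly item and its NOTE can be checked before anything is changed. The following added Python example (not code from this page) lists which cookies page scripts can read and adds HttpOnly only to the ones named; the cookie names and header values are constructed sample data, and the function names are hypothetical.

```python
# Constructed Set-Cookie header values (sample data, not from a real site).
SAMPLE_HEADERS = [
    "session_id=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax",
    "auth_token=77be02; Path=/; Secure",
    "ui_theme=dark; Path=/; Max-Age=31536000",
]

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()   # attribute names are case-insensitive
    return name, attrs

def script_readable(headers):
    """Names of cookies that page JavaScript could read via document.cookie."""
    return [name for name, attrs in map(parse_set_cookie, headers)
            if "httponly" not in attrs]

def add_httponly(headers, protect):
    """Return the headers with HttpOnly appended for the cookie names in `protect`.

    Cookies not listed are left alone: a cookie that site scripts legitimately
    read (here the constructed ui_theme) would stop working if it were flagged.
    """
    out = []
    for value in headers:
        name, attrs = parse_set_cookie(value)
        if name in protect and "httponly" not in attrs:
            value = value.rstrip("; ") + "; HttpOnly"
        out.append(value)
    return out

if __name__ == "__main__":
    print("readable by scripts before:", script_readable(SAMPLE_HEADERS))
    fixed = add_httponly(SAMPLE_HEADERS, protect={"auth_token"})
    print("readable by scripts after: ", script_readable(fixed))
```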

These are just some of the things to think about when practicing cyber security. If you have any questions or concerns about your cyber security, contact us at Maryland Computer Service and we will be happy to help you test your cyber security, implement best practices, conduct maintenance, and train your people on cyber security best practices. Through a combination of technology, behavioral changes, and knowledgeable tech support, you can rest a little easier knowing that you are doing the most to protect your business and customers from disrupted service and financial risks coming from threats in the world of technology.
