8 Ways to Fend Off Spyware

Uploaded on 2015-09-29 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Spyware, malware, phishing and, more recently, ransomware - the list of online threats can be confusing and daunting. Knowing what you’re up against is half the battle. Each of these types of attacks has specific characteristics:

 
Spyware – software that collects information about you or your computer without your knowledge.
Malware – a broad category of software (including viruses, worms, Trojan horses, etc.) that damages your computer, in either a minor or major way.

Phishing – an attempt to get your personal information (usernames, passwords, credit card numbers and), usually for nefarious reasons. Usually accomplished by electronic communication (e.g., email), but also by "social engineering" (tricking people into abandoning standard security protocol).

Ransomware  - a much more extreme version of spyware that will actually threaten to lock you out of your computer or encrypt your files unless you cough up a fee.

Most of these are easier to avoid than they are to remove. The following easy-to-implement security practices will help you protect yourself and your business from becoming easy targets for cybercriminals and online scammers.

 1. Enable two-factor authentication
Passwords are convenient and tried-and-tested when it comes to securing your online accounts and digital data. However, the major downside is their susceptibility to being stolen using spyware or through trickery. The use of two-factor authentication (2FA), however, is a good defense against account compromise even when the bad guys have your passwords. Basically, 2FA adds another layer of protection after your password, usually by combining one factor (your password) with a second factor (a text message/verification code sent to your cellphone number).

As you can imagine, two-factor authentication works only if they are set up ahead of time, so do look into enabling it for all your online services and accounts. In fact, Telesign recently launched turnon2fa.com, a free and comprehensive guide on how to enable 2FA on more than 100 popular websites.

2. Check your login history
A successful spyware or phishing event could give hackers the credentials for an online service, which they can access for their criminal activity. This can be particularly problematic when undetected, and can result in liabilities or repercussions that their victims are left to deal with.
Fortunately, most Web services offer the capability to track the most recent logins in the context of the time it occurred, the mode of access and the destination IP address. The latter makes it possible to deduce the location of access, and can serve as a red flag; if you see logins to your account from physical locations you’ve never been to, it may be time to change the password.

3. Check the list of authorized devices
A common practice for many app-based online services is to create a unique security token after the initial authentication to eliminate the need to key in the password again. The list of authorized devices is typically easy to access, which is a great way to check if someone else is accessing an account on the sly. Moreover, users who believe that their password may have been compromised are well-advised to delete all authorized devices immediately after changing their password, which will de-authenticate unauthorized parties.

4. Install anti-malware software
This will sound cliché, but the easiest way to protect yourself from common malware is to install appropriate anti-malware software. This approach does not work well against more sophisticated hackers wielding custom malware on a spear phishing rampage. And some studies have shown that standalone anti-virus software is no longer effective in preventing the increasingly sophisticated level of attacks being used today
Still, anti-malware software does offer a good basic defense against known and older malware, freeing up their cerebral matter to discern phishing attempts. AV-TEST, an independent IT security provider, publishes an updated list of some of the best anti-malware software for Windows users.
    
5. Don’t delay your security updates
If you’re like most people, it’s easy to ignore those pesky pop-up boxes imploring you to install software updates, even when they include important security patches. The bottom line is that doing so places you at great risk. Hackers can take just days or even hours to dissemble the latest security updates once they’re released by software companies, determine the problem they address and to construct a malware that exploits it.
While the option of denying updates is no longer available to Windows 10 users, most software lets you delay the installation of updates indefinitely. With this in mind, you should attempt to load patches as soon or as often as possible to stay protected.

6. Never give out your passwords, ever
This should be obvious, but it's still a security plague: You should never give out your passwords to anyone, period. Legitimate administrators will already have the appropriate level of access to perform whatever actions they require – without having to ask for your password. As it is, anyone asking you for your password should immediately be suspect, especially if it happens over a faceless medium such as email or a chat app. In which case you have to assume the sender’s accounts have been compromised.

7. Stop clicking on links in emails
A common trick of the bad guys is to get their victims to click on a URL link that brings them to a malicious website. The site may either attempt to inject a security exploit to attack the visiting browser, or it may be designed to look like a legitimate website as part of an elaborate phishing attempt.
And yes, people are still doing it. While it seemingly peaked as an issue about 10 years ago, new studies have shown that malicious attachments are back on the scene as a security risk.
There are so many ways to mask or obfuscate a real link that it’s better not to click on links sent via email messages at all. A safer move is to type it out the URL manually into the web browser instead of relying on the supplied link.

8. Perform offline backups
While backups are not typically mentioned when it comes to security practices, they’re a crucial safeguard against a new breed of security threats called ransomware, which works by threating to encrypt user file or even lock users out of their computer altogether. Once done, it then attempt to exact a ransom for the secret key required to unlock the data or computer.

An offline backup allows businesses to restore their files without paying the ransom. Note that cloud sync services are generally not a good option here – because any encrypted files (such as ransomware) will just be synchronized to the cloud, as well as across all devices – though those that offer an unlimited number of backups could potentially work. However, only Dropbox for Business offers this at the moment.
CIO: http://bit.ly/1JbK8xd

 

« Cyber Liability Insurance’s Data Problems
The Differences Between Targeted Attacks and Advanced Persistent Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

qSkills

qSkills

QSkills is an independent training provider specialized high-quality IT and IT management training courses including IT security.

Applied Risk

Applied Risk

Applied Risk is an established leader in Industrial Control Systems security, focused on critical infrastructure security and combating security breaches that pose a significant threat.

Arete

Arete

Arete is a global cyber risk company whose mission is to transform the way organizations prepare for, respond to, and prevent cybercrime.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

Travelers

Travelers

Travelers is a leading writer of US commercial property casualty insurance and one of the world’s largest global insurers for cyber insurance.

MrLooquer

MrLooquer

MrLooquer provide a solution to automatically discover the assets of organizations on the internet, determine the level of exposure to attacks and help to manage risk accurately.

Greensafe IT

Greensafe IT

Greensafe offer various onsite and offsite data erasure services, aimed at increasing data security whilst reducing any risk of data loss during transit.

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF) of Armenia is one of the largest technology business incubators and IT development agencies in the region.

Field Effect Software

Field Effect Software

Field Effect Software build sophisticated and integrated IT security, threat surface reduction, training and simulation capabilities for enterprises and small businesses.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

Brace168

Brace168

Specialising in Cyber Security incident identification and response, Brace168 is uniquely positioned to provide a vast experience in managed security services to meet the needs of all business types.

AWARE7

AWARE7

IT security for human and machine. With the help of our products and services, we work with you to increase the IT security level of your organization.

CypherEye

CypherEye

CypherEye is a next generation trust platform that advances the current state of Multi-factor Authentication (MFA) to enable highly secure, private and auditable cyber-transactions.

Institute for Applied Network Security (IANS)

Institute for Applied Network Security (IANS)

For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision making and articulating risk.

ABPCyber

ABPCyber

ABPCyber offers holistic cybersecurity solutions spanning DevSecOps, advisory and consultancy, designing and integration, managed operations, and cybersecurity investment optimization.

turingpoint

turingpoint

turingpoint GmbH is a tech enabled boutique consultancy. It was founded by security experts with a focus on cyber security and software solutions.