Computer security tactics aren't often thought about until a problem arises—and at that point, a break in security can cause harmful and potentially major issues. Because we all want to keep our computers and information safe, we have answers to some frequently asked questions about potential security issues and how you can prevent them from happening to you.
Computer security is important because it keeps your information protected. It’s also important for your computer’s overall health; proper computer security helps prevent viruses and malware, which allows programs to run quicker and smoother.
When people don't understand the ramifications of installing unverified software, they open their computer up to potential attacks. For example, they might download a free desktop application, which unknowingly installs spyware or a browser toolbar along with the application.
Typically, these free software applications will have a checkbox installation that some people might miss, which allows the spyware or toolbars to be installed. This spyware, in many cases, can track everything you do in your web browser. These toolbars can potentially slow your entire system down.
When you install unverified software, you open yourself up to:
Verify that you're getting your software, including Internet browsers, productivity apps, and anti-virus software from credible sources before installing. Check with your IT department and they can help verify that the program you are installing is safe.
Man-in-the-middle attacks are somewhat similar to someone secretly and directly listening to a phone conversation through wire tapping or picking up another landline in the house.
The information shared between two people that should be private is now in the hands of a hacker. This is what happens:
Here's an example of sensitive information that can get intercepted:
Do not connect to public Wi-Fi networks unless you are using a VPN service. There are many free or cheap VPN services out there that encrypt your traffic so that nobody can steal the information you enter while on that network.
When making purchases, make sure the website is secure and using an SSL certificate. You can tell by checking to ensure the URL starts with https:// (read on to learn more).
These aren't fun activities you can do with a beer in hand. Phishing attacks are notorious for trying to trick you into opening unknown attachments and links in emails. These attachments and links have the potential to add viruses and other malware to your system, so why do people still fall for them?
Phishing and spear-phishing attacks can happen though email, SMS messages, voice calls, and a couple other less common avenues, but email attacks are most common. In both instances, attackers disguise themselves as people or organizations that you trust and/or already engage with; however, phishing attacks are not personalized while spear-phishing attacks are. Spear phishing messages personally address the recipient and contain personal information, which they hope will make you act.
Here's a real example of a phishing attack that some Onsharp staff have received:
The message is short, (poorly) mimics a request from someone within Onsharp (a trusted source), and asks you to give them your information.
When you get a questionable email, call, or text from someone or a business you communicate with, do not respond to it. If you're unsure if the request is legitimate, create a new line of contact with that person/business and ask them if they still need that information and/or if their request is real.
When you leave your laptop or phone unattended at the office, your remote workplace, or a public space, you're foolishly inviting someone to breach your computer security through your own device.
When you have to walk away from your workstation, lock your electronics. Have password protection enabled on your phone, laptop, and other devices—especially if you have access to sensitive information through that device. With modern devices, you can easily enable a fingerprint access as well.
When you visit a website, you're information is automatically safe, right? Wrong. When you're on the internet, sometimes website admins don't take the necessary precautions to protect their information or yours.
SSL Certificates are a good indication for whether you should trust a website. It looks different depending on what browser you use, but you can typically tell when a website is secure when a locked padlock appears to the left of a URL in the search bar. When a website doesn't have an SSL Certificate or one that's improperly installed, your search bar will not contain a HTTP or HTTPS heading or a locked padlock icon.
When it comes to protecting your computer, our biggest piece of advice is to be aware of:
At Onsharp, we scan our customers' websites every 90 days as part of our Website Essentials Package, and we rescan until the websites receive a passing score. We do this to address any new vulnerabilities that are found. We also offer a free one-time vulnerability scan to help those who aren't yet leveraging our Website Essentials Package to find out how vulnerable their website might be.