Hacks, Malware, Security and Safety
BeckyStrause
Several of our blog posts are regarding staying safe & secure. This is because every time we turn around there is news about a new hack, attack, or aack! (As in, “Aack, they stole my password!”)
In recent weeks, the New York Times and Wall Street Journal have suffered breaches to their systems. Twitter discovered an unauthorized attempt to access user data, and concluded that limited data of 250,000 may have been accessed. The Department of Homeland Security encouraged users to disable Java on the browsers because of potential threats. Internet advertising network NetSeer suffered a hack causing website visitors to be warned that they were visiting was a “known malware distributor.” Yahoo mail was hacked by an individual who uploaded a video demonstrating how he did it. With stories like those continually in the news, we want to make sure to keep people aware and educated on security measures.
One security misconception is that if you only go to “trustworthy” websites, you’ll never get malware. Cisco’s 2013 Annual Security Report has proven that wrong. Their report states, “Our data reveals the truth of this outdated notion, as web malware encounters are typically not the by-product of “bad” sites in today’s threat landscape. Web malware encounters occur everywhere people visit on the Internet — including the most legitimate of websites they visit frequently, even for business purposes.”
Their point is that malware encounters happen most through Dynamic Content websites and Content Delivery Networks.
- Dynamic webpage : A dynamic web page is a kind of web page that has been prepared with fresh information (content and/or layout), for each individual.
- Content Delivery Network : A large distributed system of servers deployed in multiple data centers in the Internet. The goal of a Content Delivery Network is to serve content to end-users with high availability and high performance.
It’s not just the sites selling weight loss pills and fake Rolexes that you have to be concerned about. Malware attacks are common and becoming more common. In the argument of “Who’s to blame?” it’s important to understand that most websites are not intentionally serving malware.
Cisco also makes the following points:
The challenge of securing a wide range of applications, devices, and users — whether in an “any-to-any” or Internet of Everything context — is made tougher by the popularity of the cloud as a means of managing enterprise systems.
Addressing security challenges presented by virtualization and the cloud requires rethinking security postures to reflect this new paradigm — perimeter-based controls and old models of access and containment need to be changed to secure the new business model.
As the security experts work on new solutions, we have a few pointers for you:
- Make sure you are running an active and updated anti-virus program. This should help with both keeping potential viruses away, and cleaning out malware.
- Create complex and varied passwords for different sites. This will help if one of your accounts is ever hacked and someone gets your password. A hacker may try to sign into various common accounts with the same user name/password combination. It’s more difficult to hack a more complex password than an easy one.
- Use multiple email addresses with multiple prefixes for different uses. For similar reasons as using different passwords. So if someone gets into your email, you may not automatically be giving them access to all your other information. Such as, if they get the email address associated with your Facebook but that’s not the one you use to sign into your banking info, your banking info can remain safe.
For more security tips, check out our various blog articles on security, such as:
