Are you worried by the recent hacking incidents at Lockheed Martin, Sony and PBS? Many organisations now fear that they might be attacked by hackers. So what can be done to prevent cybercrime of all types and sizes? Here is a solution (by ISAT) which you can use for preventing any kind of hacker attack.
Internet Security Awareness Training (ISAT) firm KnowBe4 has issued its top tips for cybercrime prevention, with specific recommendations for both end-users and system administrators.
Demonstrating how easy it is for cybercriminals to deceive untrained staff, Sjouwerman cites KnowBe4’s recent FAIL500 phishing experiment. The company successfully delivered simulated phishing emails to about three-fifths of the companies featured in the Inc. 5000, and nearly 500 of them had at least one employee who clicked the link within the email.
While KnowBe4’s emails had no malicious payload, a 2010 Symantec survey of small and midsize businesses (SMBs) reveals the potential scope of the problem, with 73% of respondents reporting at least one actual cyber attack in the previous 12 months.
To combat these external threats, Sjouwerman offers five simple tips on how to prevent cybercrime that can be quickly and easily implemented by both companies and end-users:
Change passwords regularly. While employees may balk at being required to change their passwords on a routine basis, it is an important step in thwarting access by cybercriminals. Sjouwerman recommends changing network, email, database and other passwords at least once a month, and not reusing passwords.
Enforce strong passwords. Simple words and number strings may be easy to remember, but they’re also easy for cybercriminals to uncover with password-cracking software. Sjouwerman suggests using symbols or numbers in place of letters to make passwords more difficult to crack. For example, the password STOP-PHISHING might be rendered as $T0P-P#!$#!N6. Developing a complex passphrase is another option.
Think before you click. Cybercriminals have become adept at producing realistic-looking emails. They use familiar logos and email address spoofing to make it appear as if the message is sent by someone known and trusted by the recipient, such as a business partner, bank or government agency. It’s easy to make a hyperlink display a familiar URL when the actual link directs elsewhere. Before clicking any link, hover the cursor over it and check the address displayed in the status bar. If it shows an unfamiliar URL, do not click. Instead, report the suspicious email to a system administrator and then delete it.
If in doubt, throw it out. This follows from the previous tip. If an email raises any red flags – whether it comes from an unknown sender or contains an unusual request or unexpected file from someone familiar – it’s best to avoid clicking any links or downloading any attachments. A quick call to the sender can reveal whether an email is legitimate or whether the owner’s email account has been compromised, while a brief Internet search can expose an email from an unknown sender as a scam. If there is any doubt, it’s best to delete the email and/or follow corporate policy.
Implement company-wide Internet security training. Without a formal ISAT program in place, well-meaning employees can be tricked into responding to a cybercriminal’s phishing attempts.
KnowBe4 offers a free phishing security test companies can use to determine how susceptible their employees are to social engineering. Those who choose to implement KnowBe4’s ISAT services will receive high-quality, web-based interactive training for all employees, along with a series of scheduled tests to pinpoint weaknesses and determine if free re-training is required.
In addition to the recommendations outlined above, Sjouwerman notes that system administrators can do their part to prevent cybercrime by following these Internet security best practices:
Ensure that all accounts have unique passwords, which should be unusual and difficult to guess.
Update the network configuration as soon as vulnerabilities become known.
Check with vendors regularly for important upgrades and patches.
Audit systems and check logs on an ongoing basis to detect and trace intruders.
Train all employees to identify and avoid cybercrime tactics, and instruct them to report any suspected phishing attempts or potential security breaches.