Computer security tactics aren’t often thought about until a problem arises—and at that point, a break in security can cause harmful and potentially major issues. Because we all want to keep our computers and information safe, we have answers to some frequently asked questions about potential security issues and how you can prevent them from happening to you.
Why is computer security important?
- First, you likely have sensitive information about yourself, your employer, and/or your customers that must be protected and kept confidential.
- Second, every computer, or “endpoint”, is a potential gateway into the rest of your home or company network. If your computer is compromised, you jeopardize the security of all information stored across your entire network.
What are the most common computer security threats?
Installing Unverified Software
When people don’t understand the ramifications of installing unverified software, they open their computer up to potential attacks. For example, they might download a free desktop application, which unknowingly installs spyware or a browser toolbar along with the application.
Typically, these free software applications will have a checkbox installation that some people might miss, which allows the spyware or toolbars to be installed. This spyware, in many cases, can track everything you do in your web browser. These toolbars can potentially slow your entire system down.
When you install unverified software, you open yourself up to:
- Trojan Horses
- Spyware
- Viruses
- and much more
Our Advice
Verify that you’re getting your software, including Internet browsers, productivity apps, and anti-virus software from credible sources before installing. Check with your IT department and they can help verify that the program you are installing is safe.
Man-In-The-Middle Attacks
Man-in-the-middle attacks are somewhat similar to someone secretly and directly listening to a phone conversation through wire tapping or picking up another landline in the house.
The information shared between two people that should be private is now in the hands of a hacker.
This is what happens:
- To ensure that only the appropriate person sees some information, the sender sends the recipient a private email, chat, or something similar. Only the recipient can open this public key encrypted message with their private key.
- The attacker intercepts the message and sends the recipient a fake message that imitates the original message.
- The recipient falls for the fake message and encrypts the attacker’s message with his/her public key.
- The recipient sends the message back to the original sender.
- The attacker intercepts the return message.
- The attacker opens the message with private key and alters it.
- The attacker re-encrypts the message with the public key that was originally provided by the sender.
- The original sender is tricked into thinking that their intended recipient has returned their message.
Here’s an example of sensitive information that can get intercepted:
Our Advice
Do not connect to public Wi-Fi networks unless you are using a VPN service. There are many free or cheap VPN services out there that encrypt your traffic so that nobody can steal the information you enter while on that network.
When making purchases, make sure the website is secure and using an SSL certificate. You can tell by checking to ensure the URL starts with https:// (read on to learn more).
Phishing & Spear Phishing
These aren’t fun activities you can do with a beer in hand. Phishing attacks are notorious for trying to trick you into opening unknown attachments and links in emails. These attachments and links have the potential to add viruses and other malware to your system, so why do people still fall for them?
Phishing and spear phishing attacks can happen though email, SMS messages, voice calls, and a couple other less common avenues, but email attacks are most common. In both instances, attackers disguise themselves as people or organizations that you trust and/or already engage with; however, phishing attacks are not personalized while spear-phishing attacks are. Spear phishing messages personally address the recipient and contain personal information, which they hope will make you act.
Here’s a real example of a phishing attack that some Onsharp staff have received:
The message is short, (poorly) mimics a request from someone within Onsharp (a trusted source), and asks you to give them your information.
Our Advice
When you get a questionable email, call, or text from someone or a business you communicate with, do not respond to it. If you’re unsure if the request is legitimate, create a new line of contact with that person/business and ask them if they still need that information and/or if their request is real.
Leaving Your Computer or Device Unattended
When you leave your laptop or phone unattended at the office, your remote workplace, or a public space, you’re foolishly inviting someone to breach your computer security through your own device.
Our Advice
When you have to walk away from your workstation, lock your electronics. Have password protection enabled on your phone, laptop, and other devices—especially if you have access to sensitive information through that device. With modern devices, you can easily enable a fingerprint access as well.
If you device happens to get stolen while you’re away from it, there is tracking software you can use to retrieve it; use Find My iPhone for Apple devices and Find My Phone for Android Devices.
What are some computer security threats I wouldn’t necessarily know about?
Visiting Websites Without SSL Certificates
When you visit a website, you’re information is automatically safe, right? Wrong. When you’re on the internet, sometimes website admins don’t take the necessary precautions to protect their information or yours.
SSL Certificates are a good indication for whether you should trust a website. It looks different depending on what browser you use, but you can typically tell when a website is secure when a locked padlock appears to the left of a URL in the search bar. When a website doesn’t have an SSL Certificate or one that’s improperly installed, your search bar will not contain a HTTP or HTTPS heading or a locked padlock icon.
What can I do to protect my computer from these threats?
When it comes to protecting your computer, our biggest piece of advice is to be aware of:
- what you’re downloading,
- what websites you visit,
- where your emails are coming from,
- what links you’re clicking on,
- and what you’re entering your information into.
Are there any helpful programs you recommend installing?
Most PCs come equipped with an antivirus program already installed. For example, Windows 8 and 10 have Windows Defender built into the operating system, which is sufficient for most users. If you have an older version of Windows, don’t have an antivirus program, or would rather use something besides Windows Defender, we recommend using Avast. Avast has been one of the highest-praised antivirus programs available over the years because it doesn’t slow down your system, and it’s free.
Next Steps
Website Security Fundamentals Guide
- who is at risk
- what’s at stake
- and how to protect yourself