Part of the work here is helping clients with computer and network security. In our basic security class we go over some basic tools that businesses and individuals can use to become less of a target when it comes to cyber security. In a nutshell there are two basic threats:
1) Wide open attacks: These are the most common and they target as many systems as possible hoping to find a week password or a backdoor to an unpatched system. These are the threats that can more easily be defended against with some simple tips.
2) Specific and directed attacks: These are the “professional” grade attack. Where you or your company is specifically targeted.
Businesses can be flooded online so their site is down.
Networks and systems can be breached and information destroyed.
The most common recently is good old fashioned extortion.
The “Cryptolocker” virus or another variant, or the simple “I got into your system and I am deleting your files unless you pay” is becoming more and more common. Criminal enterprise has realized very quickly there is money to be made in peoples data. Coupled with the fact that often there is no recent (or tested) backup, the risk of dataloss often represents a catastrophic end to a business. This prompts people to pay the ransom in some cases, which re-enforces the business model of the criminal enterprise behind it.
I would love to tell people that there is a 100% guaranteed way to never get hacked, and never get compromised but that simply is not true.
Whet I can recommend is:
1) Use strong passwords, rotate them as often as you can bear without writing them down
2) Use a unique password for your email.
3) Turn on two factor authentication whenever possible.
4) Always have a recent and tested backup (more than one if possible on different drives or devices)
Here are some recent articles on the subject: