Every day, companies develop new policies and technologies to keep end users protected — and to keep information safe from outside organized attacks. Every day, end users either ignore, forget or directly break policies for access to the applications they want to use. This is a problem that must be solved by offering security tips for end users.
When this happens, it’s not often done with malice; in fact, it’s usually human error, such as not realizing just how risky a particular action was, like bypassing security controls to complete a task quicker or help out someone who forgot his login credentials. Sharing a password or sending off a spreadsheet from a personal email are two actions that could have good intentions, but both undermine policies and put data at serious risk.
Employees circumvent policies for the following reasons:
- They were unaware of the policy
- They didn’t understand the consequences
- They felt the policies were a burden
- They did not value security highly
All of these problems must be dealt with head-on to alter the end user’s approach and help protect data in the work environment. Security is what helps make online life possible, not a burden that makes convenience impossible. The following are five security tips for end users to keep in mind to protect data.
1. Understand Malware
Malware refers to software code developed maliciously in an effort to infect computers and mobile devices; the intent is to access and steal sensitive data to sell. More than 200,000 malware threats are developed every day. Almost 70 percent of data breaches are due to malware.
No longer is malware something playfully developed in order to gain harmless notoriety. Today, it’s the center of a multi-billion cybercrime industry, and if you have a computer, you’re one of the top targets. Whether you compute at work or home, you’re a tool for a criminal to get the data they really want to steal.
Defending yourself along with your data requires understanding how adept these cybercriminals have become. Don’t assume that a basic firewall or antivirus shields you from all threats such that you can let down your guard; just one wrong click puts all data at risk.
Some types of malware, such as Trojans and viruses, are considered tools to break into your computer, while others, such as keyloggers and spyware, are more about looking for specific systems on your network that hold data to steal. Data breaches often involve different kinds of malware in a long-term staged attack. One infected PC might seem like an isolated annoyance, but it can snowball into a huge company problem.
There are still other types of malware, such as bots, that attempt to hijack computers to steal resources in order to help fuel other attacks. Rather than paying for equipment to spam others, scammers will use infected PCs to do the work for them without ever alerting the end user.
2. Don’t Get Too Curious
Spam is still a big threat to companies. This isn’t just the marketing stuff found in your inbox that you instantly delete. Spam is a symptom of someone trying to deceive you, often a precursor to phishing; these criminals steal the logos and email designs of known brands to trick a user into clicking a link that downloads an infected file. Spam can even appear to come from a legitimate email address when the message has in fact been manipulated to obscure the real address.
Nearly all kinds of malware can be sent through spam. Criminals consider this to be a shotgun tactic that helps spread the infection as far as it can possibly go. The emails are most commonly manipulated to look like bank notices, interesting photos, shipping confirmation notices, scams for mortgages, fake news and many others. Basically, they’re designed to entice you to click a link or attachment that downloads infected files.
3. Take Care While Browsing
Another trick cybercriminals love to try is called black hat SEO, which essentially means they poison search results. They’ll exploit curiosity by taking high-profile news, such as a new tech release or celebrity scandal, or some other event like the royal birth, the Olympics or the latest elections to draw people to their website. Criminals know what people search for, so they use it against end users.
Although search engines are largely good at stopping these threats, it’s easy for a criminal to come up with a quick website within hours of news breaking, claiming to have pictures and videos but set up only to deliver malware to anyone who visits. It can take time before Google realizes what is happening and purges the website from its engine, but too many users are infected by that point.
4. Avoid Exploitation
Zero-day attacks and exploits are two other threatening kinds of malware. The criminals who author these try to exploit problems in everyday software products, including Chrome, Internet Explorer or even the Windows operating system itself.
These criminals put plenty of energy into looking for bad software code to create a backdoor on your computer, allowing them to put in malware for any reason they want. Zero-day attacks got their name because when they are discovered, there has not yet been a fix for whatever they have found and exploited, forcing the company to come up with a new release in days. By that point, however, criminals have plenty of time to spread the infection.
5. Don’t Spread the Infection
In the same way that a person spreads the flu to a colleague, an end user can spread his or her home computer infection to work and vice versa. One of the easiest ways to do this is by sharing files between computers that aren’t as secure as one another. Another common way is by allowing someone with unsafe online habits to use the computer.
A user who uses an infected document at home and emails it to work or puts it in the cloud spreads the infection to any computer that accesses that same file. The same is true for removable devices like USB sticks that are commonly shared between multiple users. Be sure to test all documents before sharing them.