By: Ryan Hickey
IT Project Manager, NSK Inc
Here are five ways hackers can get into your computer system, and the steps you need to take to stay protected.
1. Peer to Peer networking sites
These include:
• Bit torrent - open source file sharing application
• Kazaa - free music and movie downloads
• Limewire - free music and videos
• Sharezaa - video sharing site.
Peer to Peer sites really have no place in the workplace. They are rife with viruses, eat up bandwidth, decrease productivity and open your business up to copyright lawsuits. Ideally, they should be blocked at the hardware firewall separating your network from the internet.
2. Social Networking sites including:
a. Facebook - Hold on, hold on I am not telling you to get rid of your Facebook account, I am just telling you to be very careful. Hackers have figured out how to create computer-generated Facebook profiles and are using them to trick unsuspecting users into installing malware. This means that attackers have figured out a way to crack the Facebook captcha, which is used to ensure profiles are created by humans, rather than computer scripts that automate the process, allowing attackers to create thousands of profiles at a time. Facebook engineers are doing a good job killing these fake profiles, but you still need to be careful.
i. Don't click on profiles of people that you do not know.
ii. Do not click on the ads on the side of the page, because no one is monitoring what content may be in those ads.
iii. Malware is also being circulated via Facebook messages. Do not open messages from anyone who isn't a friend or from friends you haven't heard from in a long time. Also don't open any messages that have strange subjects that don't look right such as "Maan,yyou're great!" "I found this video of you", etc.
c. Twitter - Malware researchers are seeing signs that Twitter is now clearly large enough for attackers to use as a mechanism for malicious software
i. Most of the Twitter malware uses beautiful women as the profile picture. Don't be fooled, that person is not really using Twitter and they really don't want to follow you
ii. Most of the Tweets are for a date, or pornographic pictures -- Do Not Click on them!
The FBI issued this advisory warning people to be wary of fraud on social networking sites.
Ideally, it would be great if all businesses could block social networking sites at the firewall but in some circumstances such as small businesses or businesses that have Marketing and Sales departments that rely on Social Networking for business use it's not so easy.
3. IM (Instant Messaging)
a. Do not click on links in an Instant Message
i. If the link is from a friend, ask them if it is OK to open or try a different method of sending the link
b. Do not open attachments unless you know who they are from and you are expecting them
c. Do not download applets (small applications that perform specific tasks) when asked while trying to view pictures or other documents
4. Email
a. Do not click on a link if you do not know the sender.
b. Never open attachments unless you know who it's from and are expecting it.
i. Never download attachments with a .exe or .scr extension
ii. Good extensions are .doc, .xls, .pdf, .jpg
c. Do not click on a link if you KNOW the sender, but the message is STRANGE. (i.e. I LOVE YOU Email message from your boss).
d. Be wary of emails saying that say they are from your financial institution asking you for information. Almost every bank, credit card company, etc. will never request personal information from you via email.
5. Web Browsing
a. Pop-Ups. Do Not believe everything you see in pop-up windows
i. Messages telling you to:
• Optimize your computer
• Protect your computer
• Saying your computer is infected with spyware and you need a specific program to clean it.
These pop-ups will always download malware into your computer that will make it unusable, steal your information, or use your computer to send spam etc.
Cancelling a pop up window sometimes is just not enough. Sometimes the way it is worded will install the program if you click cancel. If you notice that information is still being downloaded Close the pop-up using the red X in the right corner of the pop-up or go to your task manager and close the application. (ctrl-alt-delete). If you can turn off your computer without losing your work, it may be best to hard shut down your computer when you feel like you're being trapped on a website. This can be done by pressing the power button on your computer and holding it down for 5 seconds until it powers off.
b. Make sure your browser settings do not allow files to automatically download. Change the settings to ask you first about installations or updates before they happen.