CYBER SECURITY

Carolina Phillip D, kavitha A and Samiksha G

“CHANGING YESTERDAY’S BEHAVIOUR FOR ENCHANCED RESULTS”

Cyber security!!

In today’s world internet places a crucial role.

Since the arrival of internet and the way the internet uses is progressed in our life today is tremendous but it is necessary for each one of us to stay safe while using the internet  and over the internet there cyber security plays an important role

Security is protection from or resilience against protection harm caused by others, by restraining the freedom of others to act .security is not only physical but it can also be virtual. Virtual is something that not physically existing as such but made by software to appear to do so.The notation of cyber security has become a familiar subject both in our professional life and personal lives. Cyber security and cyber threats have been constant for last fifty years of technological change.

Cyber-attack can refer to many difference scenarios, but essentially it is an attempt By an individual or group to compromise a computer system, network or device with intention of causing harm. These attacks our against government business or individual and are not all ways necessarily large scale or wide ranging. A cyber-attack can cripple a computer system, meaning a business loses money because its website is accessible or it can stop a government body from offering an essential service. It could be also led to large amount of sensitive data being stolen on a personal or financial level. In some cases, it can even cause physical damage such as upstox data breach incident that occurred in April 2021 India and also domino’s Indian incident in the month of May 2021, before attacks are much more likely to occur through mundane errors like a user choosing an easy password to guess or not changing the default password on something

 “phishing” is also a common way to gain access to a system it is a cybercrime in which a target are contacted by e-mail, telephone or text message revealing sensitive information to the attackers.

Example: the fake invoice scan, email d/c upgrade scan, advances fee, Google docs scam, pay pal scam, mg from HR scam, drop Box scam.

Credit card/ banking phishing scam, OTP phishing scans, fake jobs phishing scams

Another method of attack is distributed denial of a service (Ddos), where vast amounts of traffics are sent to a system in order to crash it. A system can handle so many requests at one time much like a switch board receiving too many phone calls, and will eventually crash….

The revenue is cost for the organization. In august 2020 the number of (DDOS) incident in India, hit a record high in terms of DDOS packets. 

Cyber attacks also lead to data breaks is a security violation in which sensitive, protected or confidential data is copied transmitted, viewed or stolen used by an individual unauthorize to do. Data breaches have direct effect on individuals when criminals get hold of enough information to steal their identity and carry out various fraudulent activities.

The key way to prevent this kind of crime is to ensure that you follow best practice when it comes to passwords and sharing information through online. Regularly changing password and not using the same one for multiple accounts can prevent hackers gaining access  

CONCLUSION

1. Keep Your Software Up to Date

As we saw from the stats above, ransomware attacks were a major attack vector of 2017 for both businesses and consumers. One of the most important cyber security tips to mitigate ransomware is patching out-dated software, both operating system, and applications. This helps remove critical vulnerabilities that hackers use to access your devices. Here are a few quick tips to get you started:

• Turn on automatic system updates for your device
• Make sure your desktop web browser uses automatic security updates
• Keep your web browser plugins like Flash, Java, etc. updated

Check out our blog on patch management best practices!

2. Use Anti-Virus Protection & Firewall

Anti-virus (AV) protection software has been the most prevalent solution to fight malicious attacks. AV software blocks malware and other malicious viruses from entering your device and compromising your data. Use anti-virus software from trusted vendors and only run one AV tool on your device.

Using a firewall is also important when defending your data against malicious attacks. 

3. Use Strong Passwords & Use a Password Management Tool

You’ve probably heard that strong passwords are critical to online security. The truth is passwords are important in keeping hackers out of your data! According to the National Institute of Standards and Technology’s (NIST) 2017 new password policy framework, you should consider:

• Dropping the crazy, complex mixture of upper case letters, symbols, and numbers. Instead, opt for something more user-friendly but with at least eight characters and a maximum length of 64 characters.
• Don’t use the same password twice.
• The password should contain at least one lowercase letter, one uppercase letter, one number, and four symbols but not the following &%#@_.
• Choose something that is easy to remember and never leave a password hint out in the open or make it publicly available for hackers to see
• Reset your password when you forget it. But, change it once per year as a general refresh.

If you want to make it easier to manage your passwords, try using a password management tool or password account vault. 

4. Use Two-Factor or Multi-Factor Authentication

Two-factor or multi-factor authentication is a service that adds additional layers of security to the standard password method of online identification. Without two-factor authentication, you would normally enter a username and password. But, with two-factor, you would be prompted to enter one additional authentication method such as a Personal Identification Code, another password or even fingerprint. With multi-factor authentication, you would be prompted to enter more than two additional authentication methods after entering your username and password.

According to NIST, an SMS delivery should not be used during two-factor authentication because malware can be used to attack mobile phone networks and can compromise data during the process. 

5. Learn about Phishing Scams – be very suspicious of emails, phone calls, and flyers

We recently blogged that phishing scams are nastier than ever this year. In a phishing scheme attempt, the attacker poses as someone or something the sender is not to trick the recipient into divulging credentials, clicking a malicious link, or opening an attachment that infects the user’s system with malware, Trojan, or zero-day vulnerability exploit. This often leads to a ransom ware attack. In fact, 90% of ransomware attacks originate from phishing attempts.

A few important cyber security tips to remember about phishing schemes include:

1. Bottom line – Don’t open email from people you don’t know
2. Know which links are safe and which are not – hover over a link to discover where it directs to
3. Be suspicious of the emails sent to you in general – look and see where it came from and if there are grammatical errors
4. Malicious links can come from friends who have been infected too. So, be extra careful!

6. Protect Your Sensitive Personal Identifiable Information (PII)

Personal Identifiable Information (PII) is any information that can be used by a cybercriminal to identify or locate an individual. PII includes information such as name, address, phone numbers, data of birth, Social Security Number, IP address, location details, or any other physical or digital identity data. Your credit card information should be protected by companies if they follow the PCI DSS standards.

In the new “always-on” world of social media, you should be very cautious about the information you include online. It is recommended that you only show the very minimum about yourself on social media. Consider reviewing your privacy settings across all your social media accounts, particularly Facebook. Adding your home address, birthdate, or any other PII information will dramatically increase your risk of a security breach. Hackers use this information to their advantage!

7. Use Your Mobile Devices Securely

According to McAfee Labs, your mobile device is now a target to more than 1.5 million new incidents of mobile malware. Here are some quick tips for mobile device security:

1. Create a Difficult Mobile Passcode – Not Your Birthdate or Bank PIN
2. Install Apps from Trusted Sources
3. Keep Your Device Updated – Hackers Use Vulnerabilities in Unpatched Older Operating Systems
4. Avoid sending PII or sensitive information over text message or email
5. Leverage Find my iPhone or the Android Device Manager to prevent loss or theft
6. Perform regular mobile backups using iCloud or Enabling Backup & Sync from Android 

 8. Backup Your Data Regularly

Backing up your data regularly is an overlooked step in personal online security. The top IT and security managers follow a simple rule called the 3-2-1 backup rule. Essentially, you will keep three copies of your data on two different types of media (local and external hard drive) and one copy in an off-site location (cloud storage).

If you become a victim of ransomware or malware, the only way to restore your data is to erase your systems and restore with a recently performed backup.

9. Don’t Use Public Wi-Fi

Don’t use a public Wi-Fi without using a Virtual Private Network (VPN). By using VPN software, the traffic between your device and the VPN server is encrypted. This means it’s much more difficult for a cybercriminal to obtain access to your data on your device. Use your cell network if you don’t have a VPN when security is important.

10. Review Your Online Accounts & Credit Reports Regularly for Changes

With the recent Equifax breach, it’s more important than ever for consumers to safeguard their online accounts and monitor their credit reports. A credit freeze is the most effective way for you to protect your personal credit information from cyber criminals right now. Essentially, it allows you to lock your credit and use a personal identification number (PIN) that only you will know. You can then use this PIN when you need to apply for credit.

Written By 

Carolina Phillip D, kavitha A and Samiksha G

 2^nd year BCA students
from St. Anne’s college for women
ulsoor Bangalore-0008