There are countless different ways hackers attempt to gain access to companies' sensitive information, but the majority of cyber-attacks involve the organization's employees and the Internet. Employees' PCs are the most common place for security attacks to occur. Since they're connected to the Internet, the machines are easy for cyber criminals to reach, and it's often not too difficult to trick employees into downloading malware or clicking on malicious links. Attacks come in varying forms, though. Here are the biggest online security threats your employees need to watch out for.
1. Phishing
In a phishing attack, victims receive an email or social networking message trying to get them to volunteer sensitive information or download malware. In many cases, those messages are specifically tailored to the recipient using information found about the person and the company. To prevent phishing attacks, experts recommend training employees to recognize and ignore suspicious emails. It also can help to avoid publicizing information that might help criminals with their attacks.
2. Scareware
In so-called scareware attacks, users visit a website and see a pop-up ad that claims the machine has been infected with malware and the victim must download a program to fix it. In some cases, the victim simply pays for an application that doesn't do anything, and in others the application is actually a virus. While these attacks are easy for IT staff and other tech-savvy employees to avoid, others may not know better and could benefit from some education.
3. Cross-site Scripting
While many employees might assume most security problems come from sites that deal with illicit or illegal activities, research has shown that the most dangerous websites are actually legitimate pages that have been hijacked by criminals. One common attack method is cross-site scripting, in which hackers inject their own malicious code into a compromised site. That allows criminals to steal information entered by visitors and do other damage. Companies can help lower the risk by keeping security applications up to date and disabling Java and other browser features.
4. Drive-by Downloads
Another attack hackers launch after compromising legitimate sites is a drive-by download. That's what it's called when an attack exploits a browser vulnerability to automatically download and install malware onto a visitor's computer without any action from the user. Since those attacks rely on browser vulnerabilities, one of the best ways companies can prevent them -- and many other types of attacks -- is by making sure all employees' browsers are updated and patched.
5. P2P File Sharing Attacks
Peer-to-peer (P2P) networks are often used to download music, movies and other media. However, their open nature also makes those networks an easy way for attackers to spread viruses. In fact, malware found on P2P networks has increased by 500% over the past year, according to one recent report. Many experts say companies are best off banning P2P software in the office, especially since there's also a danger of employees accidentally sharing sensitive documents on those networks.
6. Social Networking Scams
Scammers are flocking to social networks to launch various types of attacks, including phishing scams and social engineering attacks. There have also been several examples of malware specifically designed to spread through links on social networks. Employees can be trained to recognize those scams, and they can limit the risk by making sure profiles and information aren't visible to the general public.
7. Mobile Malware
As smartphones and tablets become more common, hackers are shifting some focus away from PCs and trying to target those mobile devices. Often, hackers disguise malware as legitimate applications and even make them available on official app stores. The best bet for keeping those threats away from company-issued smartphones and personal devices people use for work: train employees to perform due diligence before installing any app.
As with many applications and office technologies, proper training and education are the best way to keep your employees, sensitive information, and business safe.