October is National Cyber Security Awareness Month (NCSAM) and USAID is joining with the Department of Homeland Security and its partners across the country to highlight the importance of cybersecurity and online safety.
The Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) shares information on the common threats and tips to avoid them.
While online threats are constantly evolving, many cyber criminals use variations of the same methods of cyber-attack. Specifics of these attacks may differ, but the nature of the attacks stay the same. Cyber criminals take advantage of a user’s lack of technical expertise and inherent trusting natures. By understanding these common threats and risks, we can all take steps to protect ourselves online.
Malware is a general term to describe malicious code or software, and includes viruses, worms, trojan horses, ransomware, and spyware to name a few. Malware can disrupt your computer’s operations and destroy files or run quietly in the background, tracking what you type or what sites you visit, and sending this information from your computer to cyber criminals. In the case of ransomware, the malicious code locks your computer or encrypts certain files on your computer and threatens to delete files or keep your computer locked until you pay a monetary fine. Even after paying this “ransom,” it is not guaranteed that your files will be freed from its captors. With a cyber criminal receiving ransom from a number of users, this crime becomes lucrative for a criminal and devastating for numerous victims who may lose anything from company data to personal photos and purchased music.
What you can do to protect yourself:
● Keep your anti-virus software updated. New viruses are continually being written and deployed. Updating your anti-virus software helps you fight against the latest malware.
● Back up your files. If you are a victim of malware, such as a virus or ransomware, you may risk losing files and data on your computer. Regularly back-up your computer to the cloud or an external hard drive to protect your work, your photos, and your documents.
● Phishing: Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques, or tricking them into thinking that the activity is legitimate or necessary. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or from someone the person actually knows. These emails often entice users to click on a link that takes the user to a fraudulent (or “spoofed”) website that appears to be legitimate. The user may be asked to provide personal information, such as account usernames and passwords.
Additionally, these fraudulent websites may contain malicious code. Attackers sometimes take advantage of major events – such as a natural disaster, sporting event, etc. – and pretend to be legitimate charities or retailers to entice users.
What you can do to protect yourself:
● Be wary of unsolicited emails asking for personal information. Do not provide personal information or internal company information unless you have verified that the sender is legitimate. Keep your anti-virus software updated.
● Be wary of unsolicited emails asking for personal information. Do not provide personal information or internal company information unless you have verified that the sender is legitimate.
● Report suspicious emails. Either forward the email to your company’s IT department, or report it to US-CERT by emailing phishing-report@us-cert.gov.
For more information on cyber threats and risks, and how to protect yourself, visit www.us-cert.gov/ncas/tips.
To learn more about NCSAM 2015, visit www.dhs.gov/national-cyber-security-awareness-month.
To receive cyber security tips year round, visit www.dhs.gov/stopthinkconnect and become a Friend of the Campaign. To help you start an online safety dialogue, the
Stop.Think.Connect. online toolkit is filled with tips, facts, and shareable resources, www.dhs.gov/stopthinkconnect-toolkit.