Good Cyber security habits
To prevent cyber threats and attacks, one should practice the following (Cannery, 2021):
- Create strong passwords.
- Use multifactor authentication.
- Never leave devices unattended.
- Develop a disaster recovery plan.
- Be wary of public or open wireless networks.
- Never send payments without confirming with the source.
- Actively train employees on how to be safe online.
- Verify requests for private information.
- Think twice before clicking on links or opening attachments.
- Keep your devices, browsers, and apps up to date.
- Back up critical files
- Delete sensitive information when it’s no longer needed.
- If it’s suspicious, report it!
Password Guidance
When setting a password, make sure to do the following (Marquette University, 2021):
- DO change your password regularly.
- DO pick a password you will remember so you DON’T have to write it down.
- DO use a mix of uppercase and lowercase characters.
- DO use punctuation marks and special characters such as #, $, %.
- DO choose a line or two from a song or poem and use the first letter of each word, preceded or followed by a digit. (e.g “Do you know the way to San Jose?” becomes the password DYKtwTSJ?).
When setting a password, make sure NOT to do the following:
- DON’T include all or part of your username, first name, or last name.
- DON’T use your favorite sport as a password — “baseball” and “football” are among the top 10 worst passwords, and “hockey,” “soccer” and “golfer” are in the top 100.
- DON’T make obvious choices like your nickname, birthdate, spouse name, pet name, make/model of car, or favorite expression.
- DON’T share your password with anyone.
- DON’T use blank spaces in your password.
- DON’T use a word contained in English or foreign language dictionaries, spelling lists or commonly digitized texts such as the Bible or an encyclopedia.
- DON’T use an alphabet sequence (lmnopqrst), a number sequence (12345678) or a keyboard sequence (qwertyuop).
Phishing Attacks
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords (KnowBe4, n.d.).
Types of Phishing Attacks
Phishing attacks include:
- Vishing
- Whaling
- Spear-phishing
Vishing attacks rely on convincing victims that they are doing the right thing by responding to the caller. Often the caller will pretend to be calling from the government, tax department, police, or the victim’s bank.This is a social engineered fraud where a fraudster convinces the user to provide critical information over the phone.
A whaling attack is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes.
Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific individual, organization or business often for malicious reasons.
How to prevent phishing attacks
- Use spam filters to protect against spam mails.
- Change the browser setting to prevent fraudulent websites from opening.
- Change your password regularly and also use a CAPTCHA system for added security.
- If verification is required, always contact the company personally before entering any details online.
Physical Security
Physical security is an integral part of cyber security because they prevent access to the storage room where firewalls and other machines are found. Without physical security, attackers can access data centers, sneak into restricted areas of building, and even have use terminals they have no business accessing (Diehl, 2020).
Some of the physical security breaches include tailgating and piggybacking. In tailgating, someone slips in unexpectedly after an authorized person has opened the door. Similarly, piggybacking occurs when an authorized individual opens and holds the door for someone who may or may not have the proper credentials (Diehl, 2020). When these actions happen, a secure access point loses its purpose and the building, occupants, and equipment are put at risk.
How to Prevent Tailgating and piggybacking
- Staff Education – It’s important to outline the risks that come with tailgating and why staff should not allow someone to enter behind them.
- Install an access control system which helps to ensure that only authorized personnel have access to your building or specific areas.
- Issue Visitor Badges.
- Install security cameras.
Cyber Crime Cases in the Banking Sector
With the advent of technologies, banking services have become more convenient. However, the downside of these technologies is that ATM frauds, Phishing, identity theft, Denial of Service have become more prevalent (Johnson Controls, 2021).
ATM Skimming is also an example of ATM Fraud. A gadget is introduced onto ATMs or POS terminals to gather card numbers and personal information, which later is used to conduct fake transactions.
All banking organizations worldwide are victims skimming because it is a highly profitable crime with a relatively low risk of being caught. It is much easier to use an ATM to withdraw $1,500 from someone’s bank account than it is to steal a home entertainment system worth the same amount.
Frequently Asked Questions (FAQ)
What is cyber security?
Cyber security refers to the protection of hardware, software, and data from attackers. The primary purpose of cyber security is to protect against cyber-attacks like accessing, changing, or destroying sensitive information.
What is hacking?
Hacking is a process of finding weakness in computer or private networks to exploit its weaknesses and gain access.
For example, using password cracking technique to gain access to a system.
Who are hackers?
A Hacker is a person who finds and exploits the weakness in computer systems, smartphones, tablets, or networks to gain access. Hackers are well experienced computer programmers with knowledge of computer security.
What are the risks associated with public Wi-Fi?
Public Wi-Fi has many security issues. Wi-Fi attacks include karma attack, sniffing, war-driving, brute force attack, etc.
Public Wi-Fi may identify data that is passed through a network device like emails, browsing history, passwords, and credit card data.
What is a Firewall?
It is a security system designed for the network. A firewall is set on the boundaries of any system or network which monitors and controls network traffic. Firewalls are mostly used to protect the system or network from malware, worms, and viruses. Firewalls can also prevent content filtering and remote access.
Additional Information Resources
To learn more on cyber security, you can visit the following websites.