- Editor’s Note: This article was written by Roger Fahnestock, chief information officer for Kane County’s Information Technologies Department, at the request of Kane County Connects, following well-publicized threats of cyber attack in the wake of the U.S. air strike that killed Iranian General Qasem Soleimani. The simple questions we asked Fahnestock was what the average Jane or Joe Citizen in Kane County can do to protect themselves.
- For a full report by the Pentagon on cyber strategy, click this link.
As we begin a new year, the attention on cyber security has never been greater.
When we think of cyber security we often think of some hacker in a dark room surrounded by computers in some far off country hacking websites and breaching banking systems. Oddly enough, we find that most points of infection and most attacks involve some sort of social engineering or simply tricking someone into doing something through email.
The start of the attack begins with a simple email.
Something like this:
“Happy New Year! This is your sales representative from ABCD Corporation. I have some great news for you. We are offering our government customers a special deal this week to celebrate the New Year. I am providing the following link to a promo for our BOGO buy one get one free iPhone offer. < Click Here for Special BOGO Offer >”
Another phishing attack begins with a fake invoice:
“PAST DUE! Your invoice is past due, please review the attached invoice and make a payment as soon as possible.”
We have all received one of these, and many of us have become wise to not click on the links or open the attachments. The links and attachments are the point of entry for hackers, malicious code, and ransomware.
One of the best ways protect yourself and your computers from these types of attacks is education and training.
8 Tips For Cybersecurity
How do you detect one of these email messages and protect yourself?
1. Assume that all email is infected or dangerous.
2. Email with links to webpages or attachments are even more dangerous.
3. Just because it made it into your inbox does not mean it is safe.
4. Verify who sent the message. Match the sender to the message body and company domain.
5. Do not click on the links or download the attachments if you have any doubts.
6. Pick up the phone and call the person at the number you have on record, not from the email.
7. Contact technical support if you think it may be malicious.
8. If you think you have been a victim contact technical support immediately.
These simple steps are critical to protecting yourself and the computers in your home or office. While maintaining software patches, antivirus, and firewalls will provide a great layer of defense, it is difficult to protect your computing environment without people exercising caution and knowing what to look for in their email.
In most cases, the email will have tell-tale signs of fraud between the sender information and the message body. The attacks are getting more sophisticated and the stakes are getting higher.
For more information on Internet security please visit the Center for Internet Security at https://cisecurity.org