CYT - Best Cybersecurity Practices (Lesson)

Best Cybersecurity Practices

How are you protecting your computer from malware? In this lesson, you will learn about malware attack types and the best ways to protect your computer.

Types of Malware Presentation

Ransomware

You have learned that ransomware is a program that blocks access to files or blocks use of the device until a ransom is paid. It has exploded onto the cybersecurity scene in the last few years. Besides locking your data, most of the ransomware uses some fear tactic to push the victim to react quickly and pay the ransom.  Health care providers, for example, are getting hard hit because they are now required to keep patient health data in digital form and once the files are locked, they are very motivated to give up and pay the ransom to get a timely return to accessing the data.

Methods used by ransomware are:

  • Encrypt files and threaten to delete them.
  • Lock the screen so no other programs will show.
  • Lock the PC Master Boot Record so that the device will not boot.
  • Harvest browser activity and threaten to post online.

Best Cybersecurity Practices

The BEST protection against ransomware is to do regular backups of your files to an external drive that is disconnected from the PC after backup. Ransomware knows how to infect attached devices, network shared drives, and even files stored in the cloud!!!

Do a quick Internet search! What are some recent ransomware attacks?

Spyware

Spyware is software that gathers data and forwards it to a third party without the consent or knowledge of the user. For example, keylogger.

A keylogger is a type of surveillance software or hardware device designed to record and log every keystroke made on a keyboard. It is often used for malicious purposes to capture sensitive information like passwords and personal data, but can also be employed for legitimate reasons such as parental control or employee monitoring.

Information can include passwords, PINs, credit card numbers, browsing habits, harvesting email addresses, etc. Spyware programs often have undesirable effects like slowing down PCs by using processor and memory. Spyware does not spread to other computers like a virus or worm would.

Spyware runs on the computer, tracks your activity, and reports it to others such as advertisers or hackers. Sometimes spyware is a program that was purchased by the computer owner (might be your boss or a parent!) in order to monitor the use of the computer. 

Alternatively, it is often installed through a Trojan or a clickable link, like a pop-up message that may prompt you to download a software utility that you “need” or software may be downloaded automatically without your knowledge.  It could be something as evil as a keylogger or it might be more innocent, like a company tracking what items you are buying so they can provide more targeted ads.

Best Cybersecurity Practices

Protecting yourself from spyware involves a combination of using the right tools, practicing safe browsing habits, and staying informed about the latest threats.

Here are some steps you can take to safeguard your devices and personal information:

  • Install reputable anti-virus or anti-malware software on your devices. Make sure it includes spyware protection. Keep your anti-virus software updated to ensure it can detect and remove the latest threats.
  • Regularly update your operating system, browsers, and all software. Many updates include security patches that address vulnerabilities exploited by spyware. Download software only from trusted sources. Avoid downloading from suspicious or unknown websites.
  • Pay attention to software installation processes. Some software may bundle unwanted applications, including spyware.
  • Be cautious with email attachments and links, especially from unknown senders. Phishing emails are a common way to distribute spyware. Don't open email attachments unless you are sure of their origin and purpose.
  • Enable the firewall on your device. It can help prevent unauthorized access and block malicious traffic.
  • Use a secure, password-protected Wi-Fi network. Avoid using public Wi-Fi for sensitive transactions. Consider using a Virtual Private Network (VPN) for additional security, especially when using public networks.
  • Use security features and privacy settings in your web browser. Enable features like pop-up blockers and do not track requests. Consider using browser extensions that can block tracking and ads.
  • Be cautious about sharing personal information online or over the phone. Social engineering tactics can be used to trick you into installing spyware.
  • Use strong, unique passwords for all your accounts and devices. Consider using a password manager. Enable two-factor authentication (2FA) wherever possible for added security.
  • Keep yourself informed about the latest spyware threats and how to recognize them.
  • Regularly back up your data. In case your device is compromised, you won't lose important information.
  • Install apps only from official app stores. Check app permissions and be wary of apps that request unnecessary permissions. Keep your mobile operating system updated.
  • If you suspect your device is infected with spyware, disconnect it from the internet and seek professional help to remove the malicious software.
  • Don't leave devices unattended in public places and use screen locks.

By combining these practices, you can significantly reduce your risk of falling victim to spyware and protect your personal information and privacy.

Adware

Adware is software that installs advertisements on your PC in the form of toolbars, pop-ups, or banners. It is usually installed alongside a shareware or freeware application and displays web-based ads through pop-up windows or advertising banners. Often closing one pop-up opens another, making it impossible to use the browser!

Adware is irritating and can even incapacitate your use of the computer or at least the browser because of all the pop ups and redirects. Companies will pay for “eyeballs” -- the fact that someone looked at their advertisement.  A good example of adware is the toolbars that are added to your browser, sometimes installed when you update a program like Java or Adobe.

Best Cybersecurity Practices

  • Install reputable antivirus or anti-malware software that includes adware detection and removal capabilities. Keep your anti-virus software updated to ensure it can recognize and deal with the latest adware threats.
  • Keep your operating system, browsers, and all installed software up to date. Many updates include security patches that can protect against adware exploits.
  • Only download software and apps from trusted sources, such as official websites and verified app stores. Be cautious when installing free software, as it often comes bundled with adware.
  • Carefully read all installation prompts and uncheck any options to install additional software, toolbars, or changes to your browser settings.
  • Use browser extensions that block ads and prevent tracking. Regularly review and manage your browser extensions to ensure there are no unwanted or suspicious add-ons.
  • Adjust your browser's security and privacy settings to limit pop-ups and block unauthorized downloads. Enable features like ‘Do Not Track’ to reduce tracking from websites.
  • Avoid clicking on links or downloading attachments from unknown or unsolicited emails. Be cautious of emails that seem too good to be true or that create a sense of urgency.
  • Use a secure, password-protected Wi-Fi network. Avoid conducting sensitive activities on public Wi-Fi networks.
  • Stay away from pirated software, movies, or music, as these often come bundled with adware or other malicious software.
  • On mobile devices, review app permissions and be wary of apps that request more permissions than necessary.
  • If you suspect that your device is heavily infected with adware, seek professional help for removal.

By adhering to these practices, you can significantly minimize the risk of adware infections and the potential security and privacy issues that come with them.

Now you have learned some of the best cybersecurity practices! Which ones will you implement immediately?

Potentially Unwanted Programs or Applications (PUP or PUA)

Potentially Unwanted Programs or Applications (PUP or PUA) are programs that may be unwanted on the PC and often come bundled with freeware programs. They are not malicious BUT they can have some unwanted effects on the device:

  • Display pop-ups
  • Install a toolbar or browser extension
  • Change the homepage of the browser
  • Change the default search engine
  • Slow down PC performance

The PUP/PUA programs are not really malware because there is no malicious activity, as no damage is done and nothing is stolen like with spam, spyware, or trojans.  BUT they can have a very bad effect on the performance of your PC by “clogging” it up with inefficient code and hogging memory and processor resources.  The words “potentially unwanted” are used in the name because it is real software that could be something a user wants but not likely.

Best Cybersecurity Practices

This is the best example of where the user clicked “OK” or said “yes” to a message without really reading it, only to find themselves with something unwanted. Always read carefully and think before you click!

Spam is unsolicited commercial email, the electronic equivalent of the junk mail that comes through your mailbox. The most common types of spam concern

  • prescription drugs or drugs that enlarge body parts;
  • herbal remedies or weight loss drugs;
  • get-rich-quick schemes (“Nigerian banker”);
  • financial services, e.g., mortgage;
  • offers or schemes for reducing debt.

The key to spam is that the mail is unsolicited. Often when we are on a website, especially shopping, we don’t notice that there is a checkbox to sign up for the newsletter or discounts. That means we got on their mailing list and the subsequent emails are technically not spam -- we signed up for that by not paying attention. Those are usually easy to unsubscribe from, but real spam isn’t so easy!

Phishing

Phishing is a cyber attack where scammers use deceptive emails, messages, or websites to trick individuals into revealing sensitive information, such as passwords, credit card details, or personal identification numbers. The goal is often to steal money, commit identity theft, or gain unauthorized access to systems.

Best Cybersecurity Practices

Spam, or unsolicited messages, can be more than just a nuisance; they can also pose security risks. Here are some best practices to deal with spam effectively and protect yourself:

  • Most email services have built-in spam filters. Make sure they are enabled and properly configured to catch unwanted emails. Periodically check your spam folder to ensure legitimate emails are not being incorrectly filtered.
  • Never reply to spam emails. Responding confirms that your email address is active, which can lead to more spam.
  • Use the unsubscribe option cautiously. If the email is from a reputable source, it's safe to unsubscribe. However, for suspicious emails, clicking "unsubscribe" can confirm your address to spammers or even expose you to malware.
  • Avoid clicking on links or downloading attachments from unknown or unsolicited emails, as they may contain malware or lead to phishing sites.
  • Consider using different email addresses for different purposes (e.g., personal, work, online shopping, newsletters). This can help manage spam and isolate potential risks.
  • Avoid publishing your email address on public forums, social media, or websites. Spammers often scrape these sites for email addresses.
  • Use the "Report Spam" feature in your email service. This helps improve spam filters and reduces the chances of similar emails reaching your inbox in the future.
  • Adjust your email client’s settings to prevent the automatic downloading of images. Some spam emails contain images that, once downloaded, can alert the sender that the email address is active.
  • Ensure you have reliable anti-malware software installed and keep it updated. This provides an additional layer of protection against malicious content that might come through spam.
  • Be cautious about where and to whom you provide your email address. Consider whether it's necessary before sharing it.
  • Stay informed about common spam tactics, such as phishing. Educate family members and colleagues about how to recognize and handle spam.
  • For signing up for one-time services or websites you don't fully trust, consider using a disposable or temporary email address.
  • Regularly update your operating system and software, including your email client. Security patches can help protect against vulnerabilities that spammers might exploit.
  • Be vigilant about protecting your personal information. Spammers often use personal details to make their messages seem more convincing.
  • Use Two-Factor Authentication (2FA) for your email accounts to add an extra layer of security.

By following these best practices, you can significantly reduce the amount of spam you receive and minimize the potential risks associated with it.

Do a quick Internet search! What are some recent phishing attacks?

Malware Recap

Security Threats Review Activity

Cybersecurity Case Study Activity

[CC BY-NC-SA 4.0 Links to an external site.] UNLESS OTHERWISE NOTED | IMAGES: LICENSED AND USED ACCORDING TO TERMS OF SUBSCRIPTION - INTENDED ONLY FOR USE WITHIN LESSON.