Thanks to the media and traditional virus scanning software, most of us know viruses and malware are bad and could have a catastrophic effect on our computers. However, hackers are getting smarter and more clever in their attempts to access our computers and data, and now more than ever you need to be cautious and aware of other ways your computer security could be compromised.
Davis Neild of Gizmodo recently did an article on this (here) that is worth repeating and thinking about how easily we could be compromised. They detailed 4 lesser-known ways that security breaches can happen, and how to help avoid them:
- USB Drives. Malicious USB devices can be made so that once they are connected to your computer, they auto-execute a virus that can do anything from logging your keystrokes to completely locking you out of your data. The caveat to these intrusions is that the USB stick has to be physically plugged into your machine to work- making it an ideal choice for college dorm pranks and those involved in workplace drama. It’s always best to keep a tight leash on your computer, and know who could have access to do something like this at any time.
- Webcam Monitoring. Most laptops today have a webcam built into the screen, and if the right software is installed on your machine it could be hacked to view you sitting in front of it. While more of a creepy intrusion than a data security threat, hackers that install this are probably are more interested in seeing your location (i.e. you’re working on a top-secret project at work or trying to check up on where your spouse is, etc.). Needless to say, a small piece of electrical tape over the webcam can prevent this, and might be good if you fear this type threat.
- Public WiFi Networks. This one is all too common as the number of wifi networks increases. Leaving your personal wireless network unprotected (without a password, or an easily guessable one) can allow anyone within range of your network to have access. Think about that nerdy high school kid next door, the coffee house within range of your house, or even people driving by. If you leave it open, someone experienced enough can get in, gain access to your computer and your files, or use your machine as a springboard to do other malicious activity online. What just might be a fun “prank” for them, could cost you thousands of dollars in data recovery bills should your computer get into the wrong hands.
- Social Engineering. This is perhaps the scariest one, and one of the hardest to automatically prevent against. Most simply, using “social engineering” to attack someone could be as simple as a popup or a phone call that seems to be from Microsoft when it’s really not. At it’s worst, someone specifically looking to gain access to YOUR accounts can try and use easily findable information (i.e. your mother’s maiden name from your facebook account), and try and convince tech support that they are you and need a password reset. If they’re successful, and you use the same passwords at multiple sites, it could lock you out of your email, bank accounts, and other sites, and do millions of dollars in damage.
Neild’s article details some precautionary steps you can take to avoid or protect yourself against these intrusions, and discusses good computer security practices overall. As always, making sure you use a unique password for each site or account you have is critical, along with a secure location either online or offline that they are stored so you can easily retrieve them when needed. Computer security expert Adam Goslin with Total Compliance Tracking (www.totalcompliancetracking.com) helps businesses prevent against security vulnerabilities on a daily basis. Goslin suggests going as far as creating unique fictitious security questions at each site that prompts for them, to add an extra layer of security. For example, when it asks for your “mother’s maiden name”, put “smith” or another incorrect answer rather than her real maiden name. Just remember to store this value in a safe location along with your password should you need it….because if you really do forget the password, providing her real maiden name won’t help you. Lastly, remember no legitimate computer company will ever call you and tell you that you have a virus on your computer, or that they need to reset your account….so don’t fall victim to anyone you don’t personally know asking for access to your machine or a password to your account.