Anti-virus is not enough


Anti-virus is not enough to keep you and your data safe online.  Whether business or personal, you always have some valuable data.  People shop and bank online for both personal use and business, but if someone is monitoring your computer with a keylogger, they can see what website you visited, your username and the password.

A hacker is not always identified by anti-virus software.  Viruses are just one method hackers use to gain access to your computer.  Here we discuss why and how they do it, as well as how to defend yourself.

Why do they do it?

  1. To steal information off your computer to use against you in one way or another, such as identity theft, gaining financial information or stealing passwords.
  2. To turn your computer into a Zombie or Bot and become part of their army while attacking others.  You wouldn’t detect a virus because there is none, and you may not notice any problems with your computer, because they don’t want to be detected.  They want long term access so they will keep your computer secure and even prevent others from hacking in.  Your computer is theirs now.
  3. The “Hacker on a mission”.  If you have one of these, may all the Gods be with you!  You’re going to need them all!  If a hacker has it in for you, they will not stop; there is no final goal after which they will stop.  They are not looking to steal one piece of information, and they are not looking to just use your computer as part of their army.
    The hacker in this case is on a mission, such as ISIS or the Anonymous group.  They’ll bring down your website and keep it down, they’ll screw with your network over and over again, forever possibly!  It will be an ongoing costly battle for you to stop them, a battle you may never win.  Unless your time and resources are greater than theirs, eventually you can’t keep paying someone to protect you 24/7 and you need to move on with life.  This hacker will possibly come at you 24/7.  Think of it like a psycho.  They are not afraid of the law, you can’t reason with them, there is no ransom.  They want nothing more than to destroy you.

How do they do it?

There are so many methods of attacking you.  Finding vulnerabilities in the operating system and software you use is one way.  Another is tricking you by sending you an email with a link to click.  When you open it, it looks like nothing happens, but in reality it’s downloading the exploit to take advantage of some outdated/unpatched software you have.  The hacker would also scan your network, look for vulnerabilities and then exploit one of them.

You might even visit a website looking for free information to fix something yourself, and someone planted a link in the comments of that website to an evil website.  Once you click that link, the software is downloaded and the hacker has control of your computer.

Another way they can gain access is something completely non-tech.  It’s just talking with neighbours and friends, either directly or by pretending to be someone trustworthy.  People give up just enough information that they think is harmless but that is very useful for the hacker.  This is why you should never use passwords that can be easily figured out with this publicly known information.  Almost everything is online about everyone.  The information is out there, it’s just a matter of how much searching we need to do to find it.

How to defend yourself.

  1. If you’re running a business, get on a monthly maintenance plan and we can handle most of this for you once a month if you don’t have time to do it yourself or don’t know how to at least do the basics.
  2. Choose a password for everything you use wisely.  Don’t use the same password for high security logins as for low level security logins.  Use at least 15 characters with a mix of upper and lower case letters, a number and a symbol.
  3. Don’t store your passwords on your computer in plain text.  That includes keeping them in an unprotected Excel spreadsheet.  Even if you save your password in your web browser for your convenience, it can be grabbed from the file it’s stored in on your computer.
  4. Have a working anti-virus and check regularly that it is updating and scanning on a scheduled basis.
  5. Run all operating system updates (Windows & Mac) ASAP.
  6. Run all software program updates ASAP.
    Common programs like Java, Adobe Reader have regular updates that pop up reminders.  Other programs are automatic or require you go and check for updates.
  7. For those of you advanced enough to do so or who want to hire someone to do this, block all unnecessary ports that are open on your router.  You may want to hire a penetration tester for an advanced security report of what needs to be blocked if you’re running a business.
  8. Another advanced method is having an Intrusion Detection System and Intrusion Prevention System installed and monitored.  Unless you are techy enough to do it yourself or have a friend to help set it up, this can be a costly option.  Once it’s set up and working, you need to know how to read the log files and make adjustments as necessary.
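
An added example (not part of the original article): a small Python script that checks a list of logins against rule 2 above, including password reuse between high and low security logins, and against the earlier advice about passwords built from publicly known information.  The function names, account names and sample passwords are made up for illustration.

```python
import string

MIN_LENGTH = 15  # the minimum length the article recommends

def rule_failures(password, personal_terms=()):
    """Return the list of the article's password rules this password breaks."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 15 characters")
    if not any(c.isupper() for c in password):
        failures.append("no upper case letter")
    if not any(c.islower() for c in password):
        failures.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    lowered = password.lower()
    for term in personal_terms:
        # Pet names, birth years and similar details are easy to look up.
        if term and term.lower() in lowered:
            failures.append(f"contains publicly known detail: {term}")
    return failures

def audit(logins, personal_terms=()):
    """logins: list of (account, level, password); level is 'high' or 'low'."""
    report = {acct: rule_failures(pw, personal_terms) for acct, _, pw in logins}
    low_passwords = {pw for _, level, pw in logins if level == "low"}
    for acct, level, pw in logins:
        if level == "high" and pw in low_passwords:
            report[acct].append("reused on a low security login")
    return report

# Constructed sample data.  Real passwords should be typed in when the
# script runs (for example with getpass), never saved in a file like this.
SAMPLE_LOGINS = [
    ("bank", "high", "Rex1984!"),
    ("forum", "low", "Rex1984!"),
    ("email", "high", "cobalt-Heron7-unfolds-quietly"),
]
SAMPLE_PERSONAL = ["Rex", "1984"]  # constructed pet name and birth year

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_LOGINS, SAMPLE_PERSONAL).items():
        print(account, "->", problems or "ok")
```
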

 

About Daniel Gauthier

work as a peace officer in various forms. Daniel wrote a book in 2009 called “Tech-Knowledgy” which got him on television and radio a few times. The concept behind the book was “to level the playing field between computer techs and non-techies so they don’t get taken advantage of”.
Daniel has a couple certifications including MCP and A+; he is preparing to write the Network+ exam and has studied CEH (Certified Ethical Hacker) and CHFI (Computer Hacking Forensics Investigator). Daniel has run his own computer service business “TwinBytes” since 2004. He has done a few talks on cyber security and generally enjoys training, educating and helping others.