Professional Documents
Culture Documents
Lesson 2
Example:
Etech
Malware
Etech
Example:
Etech
Etech
8. Use a "WhoIs" search to research who has registered the website's domain. All domains are
required to display contact information for the person or company who has registered the
domain. You can get WhoIs info from most domain registrars, or from services such
as https://whois.domaintools.com/. Some things to look out for:
-
Private registration: It's possible register a domain privately, where a "private registration"
provider serves as the domain's contact, instead of the actual owner. If a domain uses private
registration, consider this a red flag.
- Contact information is suspicious: For example, if the name of a registrant is "Steve
Smith," but the email address is "ramsaybolton12345@hushmail.com", this might be a
sign that the registrant is trying to hide their true identity.
- Recent registration or transfers: A recent registration or transfer of a domain may indicate
that a site is not trustworthy.
Lesson 2 cont.
Etech
Etech
• Few people these days will use a computer, smartphone or tablet without some type of
antivirus and malware detection software. In 2017, only 27% of Windows computers were
unprotected, as a report by Digital Journal shows. However, not all of those individuals utilize a
dependable or well-known provider.
• Antivirus software like Norton, Kaspersky, Comodo, AVG, Avast, and Webroot may cost you just
a bit more than self-described "free antivirus" applications, yet all have a longstanding tradition
for being effective and recognizing security threats.
• There are free antivirus software downloads on the web, but do you want to trust your
computer with just any type of software? Furthermore, many totally free antivirus programs are
themselves Potentially Unwanted Programs ("PUPs"), and come installed with some kind of
spyware.
Etech
• Investing in high quality antivirus software is a small price to pay compared to the harmful
hijacking or cryptojacking that could occur on your personal devices.
• Good antivirus software will go a long way in helping detect and remove malware, but it does
not help much if you do not keep the software, and all your other programs updated.
• So while IT teams may do a fine job of monitoring, notifying, and correcting security risks, they
also need help from you. Therefore, you need not only to install updates as soon as they
become available, but also to restart the systems as well, in order to fully implement the
updates.
• In 2017, the Erie County Medical Center in New York was hacked, exposing private patient data
and costing the hospital millions. The hackers ended up taking down their computer system for
a total of six weeks. They couldn't do anything—all the screens were blacked out. They ended up
having to shell out over $44,000 in Bitcoin to the hackers just to regain access to their own
equipment.
• And all of this because happened simply they didn't have any type of antivirus software to stop
this from happening.
• While it is intended to run in the background, you still need to manage it up front. It is a good
idea to set up automatic scans to run every few days or week to make sure the software is doing
its job.
• If you find that the performance of your PC is vastly reduced when running a scan, then don't
run the scan while you're using your machine. Late at night, for example, is a logical choice for
most people.
• Finally, in order to ensure the scan runs, you should make sure that the system is not turned off
and cannot go to sleep and/or hibernation.
Etech
• Security teams are always issuing new patches that fix malware threats and zero day
vulnerabilities. However, if you continue using an older operating system—ignoring constant
request to upgrade your OS to a newer version—your computer is at risk of being infected with
malware.
• Getting notified about a computer update is like hearing your in-laws are in town to visit.
Although you may feel obligated to do it, at the end of the day it just seems there are more
enjoyable things to do.
• However, operating system updates are important. If you put them off, the consequences could
be much worse than disgruntled in-laws.
• Take, for example, what happened with the Wannacry ransomware attack, in which more than
200,000 computers were compromised across 150 different countries, with total damages that
ranged in the hundred millions to billions of dollars. With the proper antivirus software installed,
this could have been thwarted fairly easily.
Etech
• With the mass adoption of wireless technology in the last decade, our personal information is
constantly being sent over public networks...and it's not always protected as well as we think.
Our computers connect to files, printers, and the internet constantly, and hackers love to prey
on unprotected internet traffic.
• The reality is, you're playing with fire if your do the following:
• Do not use a password for your own personal network (and share that information with others)
• Whenever using a Wi-Fi network, whether it's at home or your local Starbucks, consider using a
virtual private network (VPN) with strong encryption.
• You need a wireless network at home that is WPA or WPA2 encrypted. Never broadcast your
SSID to others even if you have trustworthy guests who want to share the network. Instead,
create a guest SSID and different password for those people.
• Bottom line: if your network is not secure, you need to use a virtual private network. But you
can't just use any VPN. You need to know what to look for in a quality VPN and, specifically, you
need to check and make sure that the VPN you are using is not logging your data, which some
VPNs (typically free ones) often do.
(Encrypted)
Employ Browser Common Sense
When it comes to street crime, there are common-sense principles that automatically keep you safe,
such as never traveling alone at night, staying in well-lit areas, and so on). Likewise, the same principles
of self-preservation apply when browsing the internet.
Avoid websites that feature pirated material, particularly torrent sites like The Pirate Bay. These kinds of
places are loaded with malware. You should never open an email attachment from someone you do not
recognize, which could be part of a phishing scam.
Scan every file before you download it, even if the file is sent from family or friends.
Etech
• Hover your mouse over a shortened link to see what URL it is taking you too before clicking it,
especially if the link is in an email from someone you don't know or recognize.
• According to the most recent statistics, more than 18 million sites on the internet are infected
with malware. There are obvious red flags regarding corrupted websites, so you should not only
immediately leave them, but also report them to your antivirus provider.
• Secondly, always make sure that you visit a website with an SSL certificate. You can verify this by
looking for the secured icon to the left of the URL (the web address).
• When a browser, such as Chrome, notifies you that a website in not secure, take action to
prevent the entire page from being loaded.
• Malicious websites are often hosted in the data centers of cheap web hosting providers, many
of which are host thousands of sites on a single shared server with little to no quality control. As
a result, when it comes to internet safety, an ounce of prevention is worth a ton, compared to
undoing all the damage
• Why is this?
• Shouldn't advances in encryption technology and standards make us more safe, not less? The
reality is, all companies today are "internet" companies. They keep your all data in digital form—
your home address, social security numbers, usernames, passwords, and transaction history. All
of which are just few hacks away from getting exposed.
• And though encryption is stronger today than ever before, so too is the value of your digital
secrets. One small hack can release the private information of thousands or millions of users.
• And that's not even starting with message boards and social media profiles where hackers can
social engineer personal information.
• Recent legislation, such the EU's GDPR and California's CCPA, are designed to protect consumer
data, but could actually backfire. A recent report by Panda Security shows how stronger
encryption standards could make it easier for some forms of malware to infect your computer.
• Many online businesses have policies for GDPR compliance, but they could inadvertently create
a backdoor for new forms of encrypted malware.
• In summary, there are not nearly enough precautionary methods you can take to avoid identity
theft. Make sure your privacy settings on social media profiles are as strict as possible, and be
cautious of giving out any real information including your real name.
• In addition to staying updated with all your programs and operating system, also remove any
software you no longer use. Outdated programs no longer have patches (updates/fixes) and
leave you vulnerable to attacks.
• And while many people don't like the U.S. government looking over our shoulders, security
agencies are actually helping. In fact, there's a branch of Homeland Security called the Cyber
Security Division. The analyze all types of threats, both private and public, and regularly
update their database of vulnerabilities targeting both small and large business. Though many
staunch libertarians may argue that this is another form of "Big Brother" trying to spy on us,
they actually help us—with and without our permission.
Lesson 3
Lesson 1