Securing the Network: A Personal Responsibility
Computers and technology allow us access to a tremendous amount of information. However, with access comes risk. Transmissions of information to and from your systems create a gateway for quality information, but also an opening for unwanted intrusions. These intrusions or attacks can come in various forms. Some are as complex as true hacks or worms infecting a system, while others are as simple as a Denial of Service (DoS) attack. “A denial of service (DoS) attack is achieved by submitting huge numbers of access requests simultaneously to one target website, causing that site's web server to be overloaded, thus preventing legitimate requests from being handled (those requests are "denied service").” (Vahid. Lysecky. 2017). In essence, a DoS attack could be a large number of pings or requests for access to a site that exceeds the number of requests the site or service can handle. This overload of pointless requests has the effect of blocking out true requests to the site. A DoS attack isn’t a true hack and does not lead to a loss of information directly, but these attacks can be a form of “hacktivism” or can be used as a sleight of hand to keep a company occupied while another attack is being completed.
Computer systems are vulnerable to attacks for various reasons. Viruses and worms can gain access through holes in software and operating systems, or through gateways to a computer system that are opened by an unsecured network connection. (Vahid. Lysecky. 2017). It is a constant battle between new viruses and attacks and the new security measures that block them. While systems themselves can be vulnerable to attacks, the greatest weakness is the human factor. “It’s often noted that humans are the weakest link when it comes to cybersecurity.” (CompTIA. n.d.).
Through phishing and social engineering, humans often give away important information to bad actors who should not have it. “Phishing emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store.” (Federal Trade Commission. n.d.). Phishing attacks are surprisingly successful at getting people to give away their passwords or other information such as banking information. To protect against phishing, it is best to be skeptical of any email or text you receive asking you to give away sensitive information or click a link to input it. If you get a request you believe may be legitimate, go straight to the company by searching for its site yourself (not via the text or email), or call the company directly using a number obtained outside the email or text request. Often, phishing scams will express urgency, insisting on immediate action or else there will be a negative effect on you. Do not click links in these requests, verify the sender via other means, and check the email address that sent the message to see if it is a true email address from the stated company.
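The checks described above (sender address, urgency, links), sketched as an added example that is not part of the original post. It assumes a single-part plain-text message; the function name, the phrase list and the sample domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical phrase list; tune it for the mail you actually receive.
URGENCY = ("immediately", "urgent", "within 24 hours", "account will be suspended")

def _domain(addr_header):
    """Return the lowercased domain of an address header, or ''."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def _belongs(host, company):
    """True if host is the company domain or a subdomain of it."""
    return host == company or host.endswith("." + company)

def phishing_indicators(raw_email, company_domain):
    """List the warning signs named in the text for one raw message.

    An empty list is not proof of legitimacy: the From header can be forged.
    """
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # assumption: single-part text, so this is a str
    flags = []
    sender = _domain(msg["From"])
    if not _belongs(sender, company_domain):
        flags.append("sender-domain-mismatch")
    reply_to = _domain(msg["Reply-To"])
    if reply_to and reply_to != sender:
        flags.append("reply-to-differs")
    if any(phrase in body.lower() for phrase in URGENCY):
        flags.append("urgency")
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    hosts = {urlparse(u).hostname or "" for u in urls}
    if any(not _belongs(h, company_domain) for h in hosts):
        flags.append("link-leaves-company-domain")
    return flags

# Constructed sample: the display name says the bank, the address does not.
SAMPLE = """\
From: "Bank Support" <support@bank.example.secure-login.test>
Reply-To: help@mailbox.test
Subject: Action required

Your account will be suspended unless you verify immediately:
http://bank.example.secure-login.test/login
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, "bank.example"))
```

The sample's sender domain only starts with the bank's name, which is why the comparison is made on the end of the domain rather than on whether the company name appears somewhere in the address.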
Social engineering is the targeting of people to gather information to access systems. “Social engineering brings the con into the digital age. Instead of using personal interactions to build rapport and charm users into certain actions, social engineering leverages a lack of awareness around digital tools and the willingness to share on digital platforms. The result is the same: psychological manipulation that leads to handing over sensitive info.” (CompTIA. n.d.). Social engineering comes in several forms, such as phone calls or emails. Typically an actor will pretend to be a representative of a trusted company or agency and profile the targeted user. Through questioning and observation, the social engineering actor will gather important information they will later use to gain access to secured systems without permission. Much like phishing, the best way to combat social engineering is to be cautious and skeptical about who you provide your information to. Verify who you are speaking or interacting with before giving away sensitive information. Use spam filters, avoid opening attachments from unverified sources, and do not download software from untrusted sources.
Systems access is important, but it is extremely important to keep your software and security updated. More than simply updating your security, you as the user need to be cautious about what you are doing with your information.