CYBERSECURITY
SOLUTIONS

• Install anti-virus software and, where possible, set it to automatically scan your systems and report to you if it finds anything suspicious.
• Add several layers of protection to make it extremely difficult for hackers to access digital assets (e.g., change passwords frequently, require additional authentication, etc.).

• What is a DDoS?

The goal of a DDoS is to crash the target server, website, or network by overloading it with traffic. The first effect of this attack is that users are unable to access the server, website, or network. The second effect is that the target becomes more susceptible to other cyber threats that allow the hacker to access it and go through confidential data without anyone watching.

Ways to Prevent DDoS:

• Implement network security protocols such as firewalls and Virtual Private Networks (VPNs). The key is to set up a system that effectively balances the load at all times.
• Address loopholes or gaps in your cybersecurity. DDoS requires multiple sources for it to overwhelm its target and successfully blocking one of those sources can stop your server, website, or network from overloading and crashing.

Social engineering is the use of manipulation and deceit to gain unauthorized access to systems and information. Unlike other types of cyber threats which look for and then pass through neglected access points into your company’s system, network, or program, social engineering exploits the human factor of cybersecurity.

Ways to Prevent Social Engineering:

• A key defense against social engineering is to train employees to be emotionally intelligent and perceptive. Those provided with the right training are more likely to recognize the subtle social cues that indicate they are being deceived or that the person they are communicating with is not being entirely truthful.
• Have robust authentication procedures for access to company systems. This is to prevent human error or a situation in which an employee inadvertently gives access to a person with bad intentions because they “know” them or see them as completely harmless.

The most common type of social engineering is phishing, which involves sending fake messages to people within the company. These fake messages can be quite convincing and usually aim to get the recipient to divulge private information or click on a link that allows malware to access their accounts or infect their computer system.

Ways to Prevent Phishing:

• Require the use of corporate emails and spam filters.
• Educate employees on what fake messages from key people in the organization can look like (e.g., hackers will try to convey a sense of urgency to get you to respond to them and typically bad formatting and incorrect grammar is a sign of a phishing attempt).

Man-in-the-middle attacks take place when the hacker is able to insert themselves into an information relay process, such as a device connecting to a network or a user logging into an account. Hackers in this position can read and use the data being passed and even gain further access to the device, network, and the other systems linked to them.

Ways to Prevent MITM:

• Don’t connect to public Wi-Fi networks or those that don’t require login details.
• Only visit websites with the HTTPS protocol (“S” stands for secure).

A password attack is basically any attempt to obtain someone’s password without their consent. The following are the various methods and tools that hackers use to get passwords:

• Physically spying on someone as they enter their password
• Guessing using publicly available information (such as those on social media accounts, like birthdays, initials, favorite fictional characters and foods, etc.)
• Keyloggers (records the person’s keyboard strokes) and other spyware
• Password databases (i.e., websites) with weak security
• Hacking tools and password generation programs
• Other types of cyber threats (e.g., social engineering, phishing, MITM attacks)

Ways to Prevent Password Attack:

• Never use the same password or variations of a password for multiple accounts.
• Use unique (i.e., password is only for one account) and strong passwords (containing numbers, special characters, uppercase and lowercase letters) that are unrelated to your interests or at least those shown on your public social media accounts.

A Structured Query Language (SQL) injection is adding malicious code to a server using SQL. This piece of code can be added via website search box and can force the server to release sensitive information that the hacker can access and even modify.

Ways to Prevent SQL Injection:

• Since SQL injection is a very technical type of cyber attack, you will need the help of your webmaster or an IT specialist in resolving SQL vulnerabilities.
• The most common ways to prevent SQL injection are to use input validation, parameterized queries or prepared statements, and web application firewalls.