It’s Cybersecurity Month - How safe is your data?
Trojans. Malware. Spyware. Phishing. You’ve probably heard these terms, but do you know how to keep your computer safe from them? During Cybersecurity Month, we like to bring attention to keeping your data as safe as possible.
Cybersecurity today is much different than it was when I first cultivated a deep interest in the field roughly 20 years ago. The threat landscape has effectively shifted from securing the endpoint to securing the end-user. To add some context around what I mean by securing the end-user, I’d like to take a trip down memory lane. Before the advent of Windows 10 and the cloud, we couldn’t simply buy a computer and start using it with security in-tact; we had to secure the endpoint. One would need to purchase antivirus software to help protect against the various types of threats that could be introduced to your computer. These solutions were not foolproof, however, and would only help remove the most common types of trojans/viruses/spyware/malware. If you were to somehow get Ransomware or something called a rootkit on your computer, you would honestly have to wipe your machine at that point. Antivirus just wasn’t able to clean such a sophisticated threat.
So how does this relate to securing the end-user? Let’s first hop into our DeLorean and travel back to the present time. Recall how computers previously did not come with the proper security solutions built-in by design? Well, those days are long gone. In fact, not only do Windows machines come with antivirus solutions, they include protection against all types of common threats: Ransomware, Malware, Spyware/Adware, Rootkits, you name it. Honestly, that’s just skimming the surface. My point is that there are so many available security solutions wrapped into the Windows operating system, that hackers don’t want to deal with trying to get around these solid security toolsets. They decided to go another route, straight to the end-user and ask the user for what they need!
This is all accomplished through one simple medium: email. From a time and effort standpoint, this is almost effortless to the hacker, as they can send hundreds, even thousands of emails and only need one person to open their malicious email. One of the primary responsibilities for my role is ensuring our users are provided security awareness materials to help them understand how to detect suspicious emails, what not to click on, etc. These malicious emails, dubbed phishing emails, are well-crafted with the intention of deceiving the user with cleverly engineered words that tempt to bait the user into sending them your information. These emails typically contain links to fake login forms where the hacker expects you to “update” your information they have claimed requires your attention by filling out the fake form. These fake forms sometimes look exactly like the form you are used to seeing, but with a different name in the address bar. For instance, a form for kctcs.edu/survey may contain the address: kctc.edu/Survy. It’s so subtle that it’s often overlooked.
You as the user make a lasting difference in contributing to this battle with phishing emails and helping keep KCTCS secure! When you can, help us out by reporting these emails as soon as you see them come through. The world of Cybersecurity is vast, and I can’t fight these threats alone. I’ll take as many willing recruits as possible. With your help, we can stay ahead of the curve at KCTCS and keep our inboxes secured!