Awan Colony Haripur

Current Affairs, local News, Desi totakye, Desi food Recipes, Urdu Stories, information,Tips and Tricks

Common Security Threats

Common Security Threats:
There are many information security threats that we need to be constantly aware of and protected against in order to ensure our sensitive information remains secure. This document details different information security threats that are commonly found, together with some preventative measures that can be taken.
Unauthorized Access – Enter at your own risk:
The attempted or successful access of information or systems, wihtout permission or rights to do so.
Ensure you have a properly configured firewall, up to date malware prevention software and all software has the latest security updates.
Protect all sensitive information, utilizing encryption where appropriate, and use strong passwords that are changed regularly.
Social Engineering – Go find some other mug:
Tricking and manipulating others by phone, email, online or in-person, into divulging sensitive information, in order to access company information or system.
Verify all requests for sensitive information, no matter how legitimate they may seem, and never share your passwords with anyone – not even the IT Service Desk.
Never share sensitive information if in doubt, and report suspected social engineering attempts immediately.
Cyber Espionage – Hey, gets off my network!
The act of spying through the use of computers, involving the covert access or “hacking” of company networks to obatin sensitive information.
Be alert for social engineering attempts and verify all requests for sensitive information.
Ensure software has the latest security updates, your network is secure and monitor for unusual network behavior.
Malware – you Installed what?!
A collective term for malicious software, such as virus, worms and trojans; designed to infiltrate systems and information for criminal, commercial or destructive purposes.
A collective term for mailicious software, such as viruses, worms and trojans; designed to infiltrate system and information for criminal, commercial or destructibe purposes.
Ensure you have a properly configured firewall, upto date malware prevention and all software has the latest security updates’
Do not click links or open attachments in emails from unknown senders, visit un-trusted websites or install dubious software.
Data Leakage – I seek what you leak
The international or accidental loss, theft or exposure of sensitive company or personal information.
Ensure all sensitive information stored on removeable storage media, mobile devices or laptops is encrypted.
Be mindful of what you post online, check email recipients before pressing send, and never email sensitive company information to personal email accoutns.


Mobile Device Attack – Lost, but not forgotten:
The malicious attack on, or unauthorized access of, mobile devices and the information stored or processed by them; performed wirelessly or through physical possession.
Keep devices with you at all times, encrypt all sensitive data and removable storage media, and use strong passwords.
Aviod connecting to insecure, un-trusted public wireless networks and ensures Bluetooth is in ‘undiscoverable’ mode.
Insiders – I see bad people
An employee or worker with malicious intent to steal sensitive company information, commit fraud or cause damage to company system or information.
Ensure access to senstive information is restricted to only those that need it and revoke access when no longer required.
Report all supicious activity or workes immediately to the IT service Desk.
Phishing – Think before you link
A form of social engineering, involving the sending of legitimate looking emails aimed at fraudulently extracting sensitive information from recipients, usually to gain access to system or for identity theft.
Look out for emails containing unexpected or unsolicited request for sensitive informations, or contextually relevant emails from unknown senders.
Never click on suspicious looking links within emails, and report all suspected phishing attempts immediately.
System Compromise – Only the Strong survive
A system that has been attacked and taken over by malicious individuals or ‘hackers’ usually through the exploitation of one or more vulnerabilities, and then often used for attacking other system.
Plug vulnerable holes by ensuring software has the latest security updates and any internally developed software is adequately security reviewed.
Ensure system are hardened and configured securely, and regularly scan them for vulerabilities.
Spam – Email someone else
Unsolicited email sent in bulk to many individuals, usually for commercial gain, but increasingly for spreading malware.
Only give your email to those you trust and never post your address online for others to view.
Use a spam filter and never reply to spam emails or click links within them.
Denial of Service – Are you still here?
An international or uniternational attack on a system and the information stored on it, rendering the system unavailable and inaccessible yo autorized users.
Securely configure and harden all networks and network equipment against known DoS attacks.
Monitor networks through logreviews and the use of instruction dectection or prevention system.
Identity Theft – you will neve be me
The theft of an unknowing individual’s personal information, in order to fraudlently assume that individual’s identity to commit a crime, usually for financial gain.
Never provide personal information to un-trusted indivicuals or websites.
Ensure personal information is protected when stored and securely dusposed of when no longer needed.

No comments: