WiFi, fake emails, bogus e-commerce: the biggest threats to users

attacks of phishingfake online shopping sites, games that come with malware (viruses). Threats have increased in recent years and you don’t have to be a large company to suffer a cyber attack. For this, several companies carry out studies to reveal the state of the matter. And 2022 is worrying.

“Today, cybercrime and threats are opportunistic and unpredictable. Since corporate information is in more places, the security risk is much higher. We can recognize it the risks increase”, explains a clarion Ernesto Blanco, manager of HP in Argentina.

The numbers from the company’s cybersecurity division, HP Wolf Security, support these concerns: “One of our latest malware reports revealed that 29% of the malware captured was previously unknown due to the use of evasion techniques. Furthermore, the most common malicious files were found to be documents (31%), archive files (28%), spreadsheets (19%) and executables (17%)”, he details.

How attackers get in varies, but it almost always has one foot in social engineering: tricking the user. And there, email is a popular attack vector.

“Emails also pose a risk to organizations with more than 90% of PC infections from attachments, and more than 80 percent of home office routers are vulnerable to potential cyberattacks,” he explains. In fact, 88 percent of malware was distributed via email, he warns.

And Latin America is one of the areas that has grown the most in terms of the number of attacks: during the first half of 2022, the area received at least 137 billion cyberattack attempts from January to June of this year, an increase of 50% compared to the same period last year (with 91 billion, all this according to FortiGuard Labs).

However, there are ways to protect yourself. Here are the most common threats, which is the most worrying and, above all, how to defend yourself against cyber attacks.

─ What problems should users be concerned about?

Today users are exposed to greater dangers, not only at work, but also in their free time. Thus, they face more situations where they might suffer from cyber attacks. Considering that we live in an increasingly digitized world, in addition to the arrival of teleworking, e-commerce, digital wallets and other advances that present new risks have also increased. Faced with these developments, new threats are produced for users such as personal data leakage. For the same reason you see companies forced to adopt policies so that these transactions and innovations are as secure as possible and thus protect information.

─What precautions can be taken at work?

─As far as work is concerned, it is essential to be informed and take into account the equipment used and the connection networks. Each of the collaborators remains a target for attackers, so they must be informed and vigilant to act quickly and protect information. Also, having a reliable team is important, as there are many unsafe devices that create a huge attack surface. Choosing equipment that offers us safety and allows us to use it without fear or risk is essential for both the end user and the companies. In this sense, laptopsPCs and printers with built-in securityrather than emergency aggregate, it can provide a more transparent and less restrictive experience.

─What happens when you work from home, on a home network?

─In turn, one of our investigations has shown that there is an increased risk of working on potentially unsafe home networks. More than 8 in 10 IT leaders (83%) said firmware against laptops and PCs now poses a significant threat, and 76% of IT decision makers determined that these attacks against printers also pose a similar risk. This means that, in some ways, the hybrid workforce favors threats, as information is in more places and has also encouraged people to share more personal data online, the same ones that cybercriminals can use against you.

E-commerce, a risk

─One attack vector that has grown is online commerce and fraudulent sites. How do you take care of these scams?

When it comes to e-commerce, some points that users must take into consideration to stay safe are:

• Avoid enter sites via links sent via email, as they may be fake. In this case it is preferable to enter through the browser, typing the URL address.

• To verify whether a site is safe, by checking that the address bar of the browser has a green or gray padlock.

• Access Forbidden personal or credit card information on sites that appear dubious or insecure.

• Don’t share security card numbers and codes via instant messaging services and do not store card details on websites.

• Do not use public Wi-Fi networks to make transactions or purchases as they can access your data and even the computer itself, having to completely restore it later.

• When shopping in public spaces, you need to be preventative visual hacking which is the technique used by cybercriminals, spying on the screen of a device, to obtain confidential information such as personal identification numbers (PIN), password, among other data.

data security

─On a more general level, what advice would you give to prevent cyber attacks and safeguard information?

• Endpoint security: In this increasingly distributed, interconnected and mobile ecosystem, endpoint devices are the first line of cyber defense. For this reason, securing and controlling all devices that have access to the network is perhaps the main problem facing cybersecurity today. With hardware-enforced security and proactive cloud-based intelligence, an HP device is designed to defend against attacks, support the defenses of the network it’s on, and quickly recover when needed.

• Connection network: Over 80% of home routers are vulnerable to potential cyber attacks. Remote employees must have a private, reliable and secure Internet connection network at all times. However, IT administrators can help you follow a few simple steps to secure home networks, including using standard passwords and routers with Wi-Fi Protected Access (WPA), using MAC authentication, or hiding the name of the network.

• Multi-level security: the new approach to information security must be multilayered. Network security is still important, but it must be discrete networks. Many vulnerabilities reside in an initial access that enters the entire system, therefore, it is essential to fence sensitive information at multiple levels of access, so that breaking into a room does not mean total conquest of the system.

• Employee training: Protecting employees using devices is as important, if not more important than securing the devices themselves. People are the weakest link in any network and they need to be prepared to know how to detect a suspicious website, malicious file, etc. and they must also be aware of the company’s security policies.