Computer Security, Cyber Security & Online Privacy
AVLP is Industry Leader in Computer Security, Cyber Security, and Online Privacy
The Internet has transformed our lives in many good ways. Unfortunately, this vast network and its associated technologies also have brought in their wake, the increasing number of security threats. The most effective way to protect yourself from these threats and attacks is to be aware of standard cybersecurity practices. Below is an introduction to computer security and its key concepts.
What is computer security?
Computer security is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system.
There are various types of computer security which is widely used to protect the valuable information of an organization.
Types of Computer Security:
Software, the programming that offers services, like operating systems, word processors, and internet browsers to the user
Computer security threats
A computer virus is a malicious program which is loaded into the user’s computer without user’s knowledge. It replicates itself and infects the files and programs on the user’s PC. The ultimate goal of a virus is to ensure that the victim’s computer will never be able to operate properly or even at all.
A computer worm is a software program that can copy itself from one computer to another, without human interaction. The potential risk here is that it will use up your computer hard disk space because a worm can replicate in greate volume and with great speed.
A Ransomware is a malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, cyberattackers place organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files. Some variants have added additional functionality – such as data theft – to provide further incentive for ransomware victims to pay the ransom.
Ransomware has quickly become the most prominent and visible type of malware. Recent ransomware attacks have impacted hospitals’ ability to provide crucial services, crippled public services in cities, and caused significant damage to various organizations.
Man in the Middle
A man-in-the-middle (MITM) attack occurs when hackers insert themselves into a two-party transaction. After interrupting the traffic, they can filter and steal data, according to Cisco. MITM attacks often occur when a visitor uses an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and the network, and then use malware to install software and use data maliciously.
Disguising as a trustworthy person or business, phishers attempt to steal sensitive financial or personal information through fraudulent email or instant messages. Phishing in unfortunately very easy to execute. You are deluded into thinking it’s the legitimate mail and you may enter your personal information.
A botnet is a group of computers connected to the internet, that have been compromised by a hacker using a computer virus. An individual computer is called ‘zombie computer’. The result of this threat is the victim’s computer, which is the bot will be used for malicious activities and for a larger scale attack like DDoS.
A rootkit is a computer program designed to provide continued privileged access to a computer while actively hiding its presence. Once a rootkit has been installed, the controller of the rootkit will be able to remotely execute files and change system configurations on the host machine.
Browser hijacking occurs when unwanted software on an internet browser alters the activity of the browser. Internet browsers serve as the "window" to the internet, and people use them to search for information and either view it or interact with it. Sometimes these will route your search, internet traffic through their servers logging your browsing activities to sell you ads to trying to steal your personal and financial information.
More nefarious individuals will use exploits (which hasn't been patched yet, via security updates) to lockdown mouse input of your browser, "giving you an illusion" of being locked out of the computer. Giving you a fake prompt and number for you to call. Do not fall for these traps.
Browser Hijack Scam
Fake Microsoft Support Scam / Browser Hijack Scam
Your mouse clicking may not work as they block your mouse.
Do not panic. Do not Call the number!
Shut Down/ Restart your computer immediately.
Use [ Alt + F4 ] keys combination to terminate/exit that frozen screen or browser. If that doesn't work hold your power button for 10 seconds (could be upto 30 seconds) to completely shutdown your PC.
AVLP can help! Give us a call @ 307 223 2230.
This is often done by people from India and other South Eastern Asia region. They call you from a "spoofed" local number or from reputable company numbers (Amazon, Apple, Google, TV Provider, or Tech Support etc.). They pretend to be representative of the company and try to get you to divulge personal information that they then use to steal your identity. Sometimes they will ask you to download software on your PC or Mac giving them access to your computer, personal data, bank information and more. Beware of these scam calls! No reputable company person will ask for your social security number or other personal info. If you are unsure, hang-up and call AVLP 307-223-2230.
Be Careful What You Open in Your Spam Folder! You ever gone through your spam folder and actually tried responding to some of that stuff? I did! And this video tells you what I learned. If you want a great website that will scan URL's for you, check out http://www.urlscan.io
If you want a great tool to grab people's IP addresses, check out http://www.grabify.link
Beware of these spam emails! No reputable company person will send you unsolicited spam email or ask for your social security number or other personal info. If you are unsure, delete the email and call AVLP 307-223-2230.
With the right password, a cyber attacker has access to a wealth of information. Social engineering is a type of password attack that Data Insider defines as “a strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices.” Other types of password attacks include accessing a password database or outright guessing.
Also known as a keystroke logger, keyloggers can track the real-time activity of a user on his computer. It keeps a record of all the keystrokes made by user keyboard. Keylogger is also a very powerful threat to steal people’s login credential such as username and password.
Browser Session Token attack - Session hijacking attack
The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token.
Figure 1. Manipulating the token session executing the session hijacking attack.
Figure 2. Code injection
For more info about Browser session hijacking attack and how to safeguard yourself and your business visit our blog page:
Why is Computer Security Important?
Computer Security Practices
What is Cybersecurity?
Why is cybersecurity important?
Cybersecurity Fundamentals – Confidentiality
AVLP offers Complete, Round the Clock OT Security Solutions
What is Operational Technology (OT) Cybersecurity?
Operational technology (OT) cybersecurity references the software, hardware, practices, personnel, and services deployed to protect operational technology infrastructure, people, and data.
12 Simple Things You Can Do to Be More Secure Online
1. Make Sure You have a Functioning Antivirus and Keep It Updated - for most people it will be Windows Security (formerly known as Windows Defender)
We call this type of software antivirus, but fending off actual computer viruses is just one small part of what they do. There is an emerging threat in recent years called ransomware. Ransomware, as the name suggests, holds your data hostage as it encrypts your files and demands payment to restore them. Trojan horse programs seem like valid programs, but behind the scenes, they steal your private information. Bots turn your computer into a soldier in a zombie army, ready to engage in a denial-of-service attack, spew spam, or whatever the bot herder commands. An effective antivirus protects against these and many other kinds of malware.
Windows Defender has ransomware protection built into it, but it is not turned on out-of-the box, confusing - we know!
PC manufacturers and sale stores may not tell you that Windows has antivirus built into it! Not only is Microsoft Defender baked into the operating system, it automatically takes over protection when it detects no other antivirus, and just as automatically steps aside when you install third-party protection. The thing is, this built-in antivirus is not set up out of the box with the best protection settings leaving you vulnerable. You may think you need a third-party antivirus and may be told that the best free ones are way better than Microsoft Defender. But in reality unless you work are in a corporate or enterprise settings, all you need is optimize your system for privacy and security. Aegis Complete PC Suite takes care of that for you!
2. Explore the pre-installed software and Security Tools that came with the PC or what You Install
Many excellent apps and settings help protect your devices and your identity, but they're only valuable if you know how to use them properly. To get the maximum protective power from these tools, you must understand their features and settings. A lot of the time your PC (or Mac if not bought directly from Apple) is bundles with Potentially Unwanted Applications (PUAs), some times masquerading as "security" or "protection" software or "safe search tool"! They are actually harmful to your computer and most of the time are the cause of the issues you are experiencing with your PC.
Some bloatware are installed deliberately by sellers of the PC to make you into paying for unnecessary fees and subscription down the road. Don't be a victim of this rampant extorsion - AVLP can help! We offer services to optimize your PC by removing the crapware that manufacturers and big box retails often install in your PC. After our service, you will have a pleasant surprise to see the know fast and responsive your PC is and often times better in performance than the day you purchased new!
3. Use Unique Passwords for Every Login
One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. For example, let's say hackers got your username and password by hacking an email provider. They might try to log into banking sites or major online stores using the same username and password combination. The single best way to prevent one data breach from having a domino effect is to use a strong, unique password for every single online account you have. I know it can be tedious to create and remember unique credentials for each login, we suggest writing them down in a mini notebook and keep it in a safe place.
4. A word about VPN and its Use cases
Any time you connect to the Internet using a public Wi-Fi network that you don't own, you should use a virtual private network or VPN. Say you go to a coffee shop and connect to a free Wi-Fi network. You don't know anything about the security of that connection. It's possible that someone else on that network, without you knowing, could start looking through or stealing the files and data sent from your laptop or mobile device. The hotspot owner might be a crook, sniffing out secrets from all Wi-Fi connections. A VPN encrypts your internet traffic, routing it through a server owned by the VPN company. That means nobody, not even the owner of the free Wi-Fi network, can snoop on your data.
But if it's your home, office or known wifi and you are not trying to access sites that are unavailable in your region VPN can actually slow down your internet without any significant benefits! We recommend a browser level adblock and security and privacy extension instead. Call us to find out more!
Some useful use-cases for VPN
5. Use Multi-factor Authentication
Multi-factor authentication can be a pain, but it absolutely makes your accounts more secure. Multi-factor authentication means you need to pass another layer of authentication, not just a username and password, to get into your accounts. If the data or personal information in an account is sensitive or valuable, and the account offers multi-factor authentication, you should enable it. Gmail, Evernote, and Dropbox are a few examples of online services that offer multi-factor authentication.
Multi-factor authentication verifies your identity using at least two different forms of authentication: something you are, something you have, or something you know. Something you know is the password, naturally. Something you are could mean authentication using a fingerprint, or facial recognition. Something you have could be your mobile phone. You might be asked to enter a code sent via text or tap a confirmation button on a mobile app. Something you have could also be a physical Security Key; Google and Microsoft have announced a push toward this kind of authentication.
If you just use a password for authentication, anyone who learns that password owns your account. With multi-factor authentication enabled, the password alone is useless. Most password managers support multi-factor, though some only require it when they detect a connection from a new device. Enabling Multi-factor authentication for your password manager is a must.
6. Use Passcodes Even When They Are Optional
Apply a passcode lock wherever available, even if it's optional. Think of all the personal data and connections on your smartphone. Going without a passcode lock is unthinkable.
Many smartphones offer a four-digit PIN by default. Don't settle for that. Use biometric authentication when available, and set a strong passcode, not a stupid four-digit PIN. Remember, even when you use Touch ID or equivalent, you can still authenticate with the passcode, so it needs to be strong.
Modern iOS devices offer a six-digit option; ignore it. Go to Settings > Touch ID & Passcode and select Change Passcode (or Add Passcode if you don't have one). Enter your old passcode, if needed. On the screen to enter the new code, choose Custom Alphanumeric Code. Enter a strong password, then record it as a secure note in your password manager.
Different Android devices offer different paths to setting a strong passcode. Find the Screen Lock settings on your device, enter your old PIN, and choose Password (if available). As with the iOS device, add a strong password and record it as a secure note.
7. Pay With Your Smartphone
Setting up your smartphone as a payment device is typically a simple process. It usually starts with snapping a picture of the credit card that you'll use to back your app-based payments. And setup pretty much ends there; you're ready.
Point-of-sale terminals that support smartphone-based payment usually indicate the fact with an icon, from a picture of a hand holding a smartphone to a stylized representation of a radio wave. Just place your device on the terminal, authenticate with a thumbprint, and you've paid up.
How is that better than using the credit card itself? The app generates a one-use authentication code, good for the current transaction only. Even if someone filched that code, it wouldn't do them any good. And paying with a smartphone app eliminates the possibility of data theft by a credit card skimmer.
8. Use Different Email Addresses for Different Kinds of Accounts
People who are both highly organized and methodical about their security often use different email addresses for different purposes, to keep the online identities associated with them separate. If a phishing email claiming to be from your bank comes to the account you use only for social media, you know it's fake.
Consider maintaining one "burner" email address dedicated to signing up for apps that you want to try, but which might have questionable security, or which might spam you with promotional messages. After you've vetted a service or app, sign up using one of your permanent email accounts. If the dedicated account starts to get lots of spam, contact us, or close it and create a new one.
9. Get your browser security checked by an expert - AVLP can help! 307 223 2230
10. Sometimes a simple security setup together with a good browsing protection and privacy extension is all you need. - don't get fooled into paying a lot for them - We can help!
11. Don't Fall Prey to Click Bait or Phishing Scams
Part of securing your online life is being smart about what you click. Clickbait doesn't just refer to cat compilation videos and catchy headlines. It can also comprise links in email, messaging apps, and Facebook. Phishing links masquerade as secure websites, hoping to trick you into giving them your credentials. Drive-by download pages can cause malware to automatically download and infect your device.
Don't click links in emails or text messages, unless they come from a source you trust. Even then, be cautious; your trusted source might have been compromised, or the message might be fake. The same goes for links on social media sites, even in posts that seem to be from your friends. If a post seems unlike the style of your social media buddy, it could be a hack.
12. Protect Your Social Media Privacy
There’s a common saying: if you’re not paying for a service, you’re not a customer; you’re the product. Social media sites make it easy for you to share your thoughts and pictures with friends, but it’s easy to wind up sharing too much.
You can download your Facebook data to see just what the social media giant knows about you. It may be quite an eye-opener, especially if you're the kind of person who routinely clicks on quizzes that require access to your social media account. Really, you don't need to know which Disney princess or dog breed you are.
Beware, too, of hackers posing as your social media friends. A common scam starts with a private message and ends with hackers taking over your account and using it to continue the scam. If you get an odd or unexpected private message from a friend, ask about it using email or some other type of communication. Your friend may have been scammed.
You can drastically reduce the amount of data going to Facebook by disabling the sharing platform entirely. Once you do, your friends can no longer leak your personal data. You can't lose data to apps, because you can't use apps. And you can't use your Facebook credentials to log into other websites (which was always a bad idea).
Of course, other social media sites need attention too. Google probably knows more about you than Facebook, so take steps to manage your Google privacy, too. Make sure you've configured each social media site so that your posts aren't public (well, all except Twitter and other broadcast media services). Think twice before revealing too much in a post, since your friends might share it with others. With care, you can retain your privacy without losing the entertainment and connections of social media.
Have your system been compromised recently?
Have you downloaded/installed a virus or unwanted app?
PC running slow, freezing, crashing?
Something's not right?
Try Windows Malicious Software Removal Tool you can also download Microsoft Support Emergency Response Tool