Malware – How Malware Works & How to Protect
The massive data breach of Equifax in America has been recently trending in the news. Over 143 million records are suspected to have been exposed – meaning about half of America is facing an increased risk of identity fraud.
Also in India, information from servers of more than 6,000 Indian enterprises was reportedly put up for sale on the dark net in one of the biggest data breaches, reported in 2017.
This highly-public data breach heightens our awareness of the ongoing security risk of our personal data, while we are consistently under attack on our own devices. If your computer is connected to a network it is at risk. According to a Cyber security expert from Dhaka, Bangladesh, “Hackers attack every 39 seconds across the globe.” Many of these attacks are designed to install malicious software (or “Malware”) on individual computers in an effort to capture personal information – whether it’s yours or someone else’s.
How does Malware get into my system?
One hallmark of Malware is that it is often downloaded onto a computer or into a network without the computer users’ knowledge. Phishing emails – messages that look and feel like they come from a trusted sender – can contain links or attachments that can automatically install a program in the background functionality of your machine. Additionally, malicious websites that duplicate familiar e-commerce or financial institution websites may also download applications when you navigate to them on your Internet browser.
What does Malware do?
Malware presents with a variety of sophistication and intent, some of the most common used to perpetrate identity theft include:
- Bots:Code that’s designed to take over your computer, making it an unwitting ally to the identity thief in further distributing Malware or carrying out other attacks on individuals or businesses.
- Spyware:Software that’s designed to steal information by transmitting the computer’s data without the user knowing.
- Root kits:A program that hides malicious software from anti-virus software or other security by making it look like a normal, secured file – allowing it further access to computer data.
- Viruses:Perhaps the most familiar, viruses infect other computer programs to deliver the malware. Viruses are often designed to move from one computer to another.
What can you do to minimize the risk of Malware?
Hackers and identity thieves are constantly reinventing and improving their tools. Keeping your personal data safe requires continued vigilance. Here a few tips to reducing your risk:
- Always keep your computer’s software and hardware up to date. Most companies are continually patching security gaps. If possible, turn on the automatic update feature which will install the newest versions as soon as they are available.
- Enable the highest level of security on your internet browser. While they may not be able to catch everything, they can provide warnings if a website or an email looks suspicious.
- Never open an email or download a file that seems suspicious. Closely examine the sender’s address to make sure it’s legitimate and is sent from the actual domain.
- Few trusted companies will ask you to download a program or a document attached to an email. If you have doubts, contact the sender to verify its legitimacy and ask if there is another way to download.
- Keep your personal home network safe by password-protecting it using WPA or WPA2 encryption. WEP is an older, weaker data security protocol and may not be able to prevent more sophisticated attacks.
- Avoid public Wi-Fi, which could be a network established by an identity thief designed to intercept your data or create a back-end channel to access your device.
- Vary your online passwords among different websites and change them frequently.
Another useful tool is the Device Protection software available with your identity theft protection program. This suite of tools includes an anti-malware software that scrambles your keystrokes to confuse malware designed to track what you type as well as anti-ransomware software that works with your browser to alert you to suspicious websites built to capture your logins, passwords, and other sensitive information.