CNET Technology Information Network reported from Taipei on February 5 (Text/Zhong Cuiling) In a few days it will be the Lunar New Year, followed by the seven-day New Year holiday, and everyone is very happy. But it may not be good news for corporate networks, because holidays may also mean a window of information security.
Based on past experience, cyber attacks will rise every time the holidays are over. Cybersecurity company Trend Micro explains that many authors of viruses or malicious programs are students, which is why not only does the learning shortage become serious every winter and summer vacation, but there are also many cyber attacks. The Spring Festival holiday coincides with the winter vacation for students, and it is naturally no exception.
Symantec pointed out that many students' attacks are not necessarily serious, because such attacks are mostly "fun, try" and have no specific targets. If appropriate precautions are taken, there will be no impact. But since many companies have no one to guard during the New Year, once a loophole occurs, it may lead to a big disaster if someone takes advantage of the situation.
This article collects some personal and corporate security codes provided by cybersecurity companies to enable your computer and your company network to spend the New Year holiday safely.
(I) surf the Internet at home:
During the New Year, home computers are the main victims of malicious programs and attacks.
Attack type:
Malicious program: As the New Year approaches, friends and company numbers often send electronic New Year greeting cards. However, viruses and *s may also be invisible. If you are not careful, you may be poisoned or planted with backdoor programs. Instant Messaging is also a potential channel for malicious programs to infect.
Phishing: Many people surf the Internet at home in the New Year, shopping online and playing online games have become a great pleasure to spend time. During the New Year, you may receive some emails from well-known banks asking you to confirm your password, or someone sends a message when playing online games. You can go to a certain website to download some program that can increase your skills, but in the end you can lead the wolf into the house, download the * program or spyware, and then the password of the bank or online game is stolen, etc.
Personal computer prevention:
Regularly update to the latest virus definition file. Trend Micro recommends that it is best to use antivirus software that can capture spyware. Symantec's antivirus software should have personal firewall and intrusion detection functions. The former can truncate the connection between a zombie computer (Zombie) and a hacker, while intrusion detection can issue a warning when someone intrudes from a vulnerability such as IE. These measures may now fix irregular bombs in the computer.
Download the patch. For example, Microsoft regularly releases program vulnerabilities and security update notifications with varying degrees of risk, and the update program should be downloaded immediately.
Develop safe behavior. Don’t open unidentified graphics and execution files at will, and don’t leave important personal information on unfamiliar websites.
(II) Enterprise level
Although no one in the company is online during the Chinese New Year, there may still be vulnerabilities and hacker-related security attacks. Since the company's systems are more and more complex and contain more important information, for the company's IT staff, they not only need to ensure that the company's employees must truly implement security measures to prevent personal computers, but also ensure server and network defense, as well as overall security management.
Fix vulnerabilities: from instant messaging (IM), email software, browsers, to operating systems, database software, routers, and switches, as long as there is a vulnerability that is not repaired in time, it may be invaded by poisonous insects and cause various levels of damage. Common operating system and browser vulnerabilities should be patched as soon as possible.
Appropriate password setting: If the system administrator uses a "lazy password" (such as password in password or company abbreviation), or even a "slightly complex lazy password", it is easy to guess and make people go straight. Before the holiday, make sure the password is set properly.
Safety response measures. Do a good job of drilling for information security incidents to ensure response measures for events, such as who should control and handle them when the system is invaded; set up a firewall and intrusion detection system to send a telephone message when an incident occurs. If the company does not have a proprietary IT staff and is responsible for maintenance by a dealer of anti-virus products, the dealer should be asked to provide advice and deploy security measures during the New Year.
The system that does not need to be turned on should be turned off as much as possible. Although the computer is turned on, the source code is updated instantly, if one more computer or server is connected to the Internet, there will be an additional chance of being hacked. Of course, this also means that on the first day of the new year, the first thing IT personnel do is to download security updates and deliver them to every computer as soon as possible.
Backup: This is the last line of defense to prevent information from being damaged by the system (or even the entire computer is stolen and moved away), and the information can be replied to as soon as possible.
Security companies pointed out that if there is no security drill allowed in time, they should at least deploy antivirus software and patch operating system vulnerabilities.
To ensure long-term stability and long-term stability of the company, it depends on the good daily use habits and protective measures of individuals or enterprises. It is still not too late to make up for the loss of sheep. Take basic protection and your company can celebrate the New Year with peace of mind and come back after the holiday to receive red envelopes for start-up work.