Information security is essential because almost everyone has a computer. Computers have become tech homes for personal use, replacing the old limitless PII. No one wants their personal information exposed for malicious purposes, such as blackmail or identity fraud. If not correctly cared for, personal computers are highly vulnerable to hacking and the installation of spyware. Depending on the machine, some people put thousands of dollars into a computer, and that computer could be ruined by a virus in the blink of an eye if a bad link is clicked in a scam email. Luckily, there are many products to keep personal devices safe and secure. Software like VPNs hides your IP address and encrypts your network traffic, so you can browse the internet with peace of mind, without a hacker seeing your own IP address. Antivirus software keeps users from getting malware or viruses by scanning files and links and quarantining them before they can cause damage. Firewalls block unwanted traffic from getting into the computer from a network.
Organizational computers need the same care as personal computers, as data leaks can occur depending on what information they store. Luckily, if done right, organizations should have appropriate security tools, such as firewalls, antivirus software, and VPNs, installed on their computers before giving them to employees. Organizational computers can house PII and secret files on a need-to-know basis, depending on a person's position in the organization. Law enforcement work computers, for example, have software that can look up information on individuals based on social security numbers and dates of birth. If this software were to be hacked, it would pose a threat to national security.
Social Engineering
When I was an MP in Arizona, a social engineering case came into our police station, and I initially investigated it by interviewing the victims. A female spouse dependent was on a Facebook group for wives on base looking for work when a scammer posted, asking if anyone would like to make money from home. The scammer had built a convincing profile that people bought into. The scam was that the person running the account was supposed to send fake checks to a victim, who would cash them and buy bitcoins. Scammers do their homework on their target victim groups and prey on the less fortunate in the hope of baiting them more easily. In this case, the scammers got greedy, wanted the victim to send money orders, and set up a real account; the FBI was used to track it to an actual address and then interview the scammer. The victim lost $20,000 but recovered about $8,000 and ultimately had to pay the remaining $12,000 out of pocket. This incident demonstrates how social engineering exploits human trust rather than technical system flaws, manipulating individuals into becoming unintentional security vulnerabilities. Wang et al. (2021) explained that all computer systems rely on humans, and humans are the weakest link that attackers exploit.
In the US Army, or, well, like all government employees, we take a lot of online cybersecurity training and refresher courses to keep us from falling for frauds, scammers, and all types of scams, to prevent data leaks and spills, and to prevent other attacks from enemies, foreign and domestic. We are all cybersecurity professionals. One thing I noticed is that computer safety isn't very well known among regular civilians who don't use computers often, only for Facebook or social media. Civilians should be taught classes on how to avoid these types of scams. All computers should come with VPNs, antivirus software, and firewalls, free or with a base version. Not everyone can afford them, and some people don't know what they are.
Phishing and Smishing
Phishing and smishing are pains that everyone has come across, one way or another. The end goal is to get a person to click a harmful link and/or provide personal information. Recently, I kept getting texts from the EZPass in Virginia, but I have never been on EZPass in Virginia. However, when I was moving to VA, I drove through the Pennsylvania EZPass and was expecting an email or call from them about owing money. I could have easily fallen for the scam, but eventually, I got more texts from this alleged EZPass. Sometimes they would be group texts with other people, which is one of the red flags. I knew it was fake. If I were to fall for this, I know my personal data would be leaked forever. When I was younger, my Instagram was hacked and would spam everyone in my DMs with harmful links. I accidentally clicked on that link, which initially got my account hacked.
Now that we are in the era of technology, high schools should implement cybersecurity classes to teach cybersecurity rules at an early age. When you are younger, it's a lot easier to fall for easy-to-read scams. These classes can become more advanced if the student would like to keep taking them each year. Two-factor authentication is the best way to keep users' passwords from being hacked, as it requires more than one factor to sign in to an account, such as a second device or a different app with a separate login password. With the invention of AI, we can implement it to help us detect and deter smishing and phishing scam texts sent to iPhones and Androids. Mehmood et al. (2024) conducted research and found that machine learning technologies can play a crucial role in protecting individuals and organizations from evolving mobile-based phishing threats and may be integrated into future mobile security applications.