订阅

多平台阅读

微信订阅

杂志

申请纸刊赠阅

订阅每日电邮

移动应用

商业 - 科技

面对勒索软件的威胁,该如何是好?

Shaun Murphy 2017年05月17日

只要人们对重要的网络安全问题有所了解,便不会对此完全束手无策。

 

 

近期,全球数十万的电脑受到了WannaCry网络攻击的影响。WannaCry是一种勒索软件,又称WannaCrypt。黑客通过加密用户电脑里的文件,并勒索其付费才能解密。此事件提醒了我们的数字生活一直在遭受威胁,也确实让我们感到不快。

但只要人们对重要的网络安全问题有所了解,便不会对此完全束手无策。但问题是他们并不了解。皮尤研究中心(Pew Research Center)近期对一千名美国成人进行了有关网络安全问题的小测验。所有接受调查的人中,只有1%理解测验中的各个问题,并能够回答正确。不到一半的人能正确回答13个问题中的6个。

测验涉及的主题包括:识别双重认证,以便了解勒索软件的定义。也许这听起来像一个只有电脑专家才懂的复杂术语,但是对其视而不见无异于玩火自焚。人们可以从学习网络安全的基本概念并进行安全操作入手,来保护自己的数字生活。

勒索软件

现在勒索软件备受关注,它有可能摧毁人们的数字生活。你自己需要了解钓鱼袭击的方式,切勿打开任何未知发信人发来的邮件,特别是当一个你不认识的人向你发送的邮件内容包含附件或链接时,尤其要小心谨慎。当然,在非常小心的情况下,仍然可能发生失误,因此确保你在线上线下均有按日、周、月备份的文件,并定期检验备份资料,确保数据安全。

HTTP vs. HTTPS

如果你想确保外人无法读取或修改你向网站发送的信息,那么请使用HTTPS网站,而非HTTP网站。你所用的浏览器和某个HTTPS网站之间的所有交流都是加密的。现代的网页浏览器会通过HTTPS显示除URL以外的一个安全链接证书,来告诉你某个站点是否安全;可以用一个上锁的标志或“安全”一词来表示。此外,URL本身也会以“https”而非“http”打头。

如果你忽略这些差异,你或你公司的知识产权将很容易被竞争者利用,或者作为互联网服务提供商(ISP)的批量数据收集而被售卖。在进行敏感性交易时,请使用HTTPS,这样一来,你的互联网服务提供商或其他任何中间方将无法获得你浏览或提交的资料。

给设备加密

二手电脑或硬盘的买卖中经常发现前物主的私密信息或个人信息,这非常可怕。解决这一问题的方法是对硬盘进行加密,用密码保护你的文件。

利用这种方式,即便你的电脑落入不良分子手中,加密也依然能保证相关方无法从其中获取任何有价值的数据。Windows系统的BitLocker和Mac FileVault均可引导你对你的设备进行加密。

虚拟专用网络(VPN)

正确安装的VPN可确保你在咖啡店、机场或旅馆房间中使用网络和在你自己房间里一样安全。小心对待任何第三方提供的免费或便宜VPN服务,不要盲目相信它们不会监测你的上网活动。找到一个你信任的VPN软件后,只需简单打开它并登录即可。

权限管理和位置跟踪

如果你为手机、平板电脑或计算机安装越多的应用和程序,那么你在为方便工作而接入很多访问点的同时,也向犯罪分子提供了方便。当你允许手机上的应用接入位置跟踪、麦克风接入、通讯录等功能时,他们可以立即将他们选择的任何信息进行转换。当任何应用发出类似请求时,考虑一下你是否真的需要接入它们。如果不需要,果断不允许接入。

然而,并不需要完全避开此类服务或避免连接设备,你需要聪明地决定你要分享的信息,包括什么样的信息是你默认允许的,什么可以稍后允许,而什么样的信息需要改变。(财富中文网)

译者:汪皓

Shaun Murphy是sndr.com的CEO。他对文中提到的任何公司均未有过投资行为。

The WannaCry cyberattack recently infected hundreds of thousands of computers worldwide. WannaCry, also known as WannaCrypt, is ransomware, which holds a computer hostage until the user pays a certain amount of money to the hacker. This attack is an unpleasant reminder that our digital lives are constantly under threat.

That doesn’t mean there is nothing people can do, so long as they stay educated on important cybersecurity issues. The problem is that they don’t. The Pew Research Center recently quizzed over 1,000 American adults about cybersecurity issues. Only 1% of those surveyed understood every issue and answered each question correctly. Less than half of the people given the quiz were able to answer even six of the 13 questions correctly.

Topics covered in the quiz included identifying two-factor authentication to knowing the definition of ransomware. These might sound like complex terms only known to computer experts, but ignoring them is playing with fire. People can start to protect themselves by learning and establishing safe practices around these fundamental concepts of cybersecurity:

Ransomware

Ransomware is in the news now, and for good reason: It can devastate your digital life. Make sure you understand phishing attack methods and don’t open emails from unknown senders, and be especially wary if someone you don’t know emails you attached documents or links. Of course, mistakes happen, so make sure you have solid online and offline daily, weekly, and monthly backups, and periodically test these backups to make sure your data is safe.

HTTP vs. HTTPS

Use HTTPS—not HTTP—sites if you want to ensure outsiders are not reading or modifying the data you’re submitting to websites. All communications between your browser and an HTTPS site are encrypted. Modern web browsers will tell you if a site is secured through HTTPS by displaying a secure connection certificate beside the URL; this can be denoted with a lock symbol or the word “secure.” In addition, the URL itself will start with “https” instead of “http.”

If you ignore this difference, you or your company's intellectual property could be easily exposed to competition or sold as part of an Internet service provider’s (ISP) bulk data collection. For sensitive transactions, always use HTTPS so that your ISP or any entity in the middle of the connection will have no details on what you are viewing or submitting.

Device encryption

There are many horror stories of people buying old computers or hard drives off of the Internet that contain the former owner’s confidential or personally identifiable information. The solution to this is disk encryption, which protects your files with a password.

This way, if your computer falls into the wrong hands, encryption ensures that that entity won’t be able to extract any meaningful data from it. BitLocker for Windows and FileVault for Mac offer guides to enable device encryption.

Virtual private network (VPN)

A properly configured VPN will ensure that even if you’re in a coffee shop, airport, or hotel room, you are as safe as you were back at your desk plugged into your company's network. Be careful with free or cheap VPN services from third parties; don’t blindly trust that they won't monitor your traffic. Once you’ve found a VPN software you trust, simply open it up and log in.

App permissions and location tracking

The more you allow apps and devices to take over responsibilities on your smartphone, tablet, or computer, the more access points you create into your life for companies and criminals alike. When you give these apps permissions for location tracking, microphone access, your address book, and other functions, they can immediately start transferring that information anywhere they choose. Consider whether each app you have really needs access to these things. If not, don't allow it.

While it isn’t necessary to avoid these services or connected devices altogether, it is important to make smart decisions about what information you share, including what information you are granting by default, what could be granted later, and what is subject to change.

Shaun Murphy is the CEO of sndr.com. He does not have any investments of the companies mentioned in this article.

我来点评

最新文章:

500强情报中心

财富专栏