By Bret Piatt
May 15, 2017
After this recent outbreak of the WannaCry, nearly everyone knows what ransomware is now. While restoring from backup is one way to recover your files, ideally, you block the attack before it reaches your computers. Network security services and hosted-based security software are both readily available today for small businesses. We offer a free network security test to find out if you’re prepared in two minutes or less.
Hackers are getting more creative, in a bad way, as many of us are learning to not click links we’re unsure about in emails or web-based advertisements. One of these new methods to get malware onto your system is called a drive-by download where all you have to do is open the email or visit the website and the hacker’s software will automatically download itself. They’re also using flaws in HTTP (clear text web browsing) and Wi-Fi to inject files onto computers while the victim uses Wi-Fi in a public place. If a hacker has already infected another victim who is using the Wi-Fi at the same location as you simply getting on the Wi-Fi network will infect your computer. One good free method to mitigate some drive-by attacks using an adblocker such as Adblock Plus. A second recommendation is using a VPN service when connecting from public Wi-Fi.
Security research data estimates that 9 out of 10 attacks still start with an email. As user interfaces simplify, hiding the full STMP mail header information, and hackers become more sophisticated, sending the fake emails masquerading as a friend or colleague, many of us still fall victim and either click a link, share a password or provide other help for the hacker to compromise our systems. As a business for financial transactions, we recommend dual-authorization where two separate individuals need to follow all the steps to wire or automated clearing house (ACH) funds to a payee. In addition, providing security awareness training and sending test phishing emails to see how your company responds are both important to mitigate the real risk posed by spear phishing.
Security awareness training is something all of us need to do in order to use the Internet for business. This doesn’t mean you need to spend weeks in a classroom. It does mean you need to spend a few hours staying up-to-date on what the hackers are doing so you avoid becoming a victim in the new scams they come up with.