A disheartening upward trend
Nearly every day you read about a new malicious attack on computer networks of vital businesses around the world, and the attacks are not slowing down.
According to reports, malware volume skyrocketed in 2016—more than 800 percent when compared to 2015—and that number continues to rise.
The most recent WannaCry ransomware attack targeted computers running Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin currency. The attack reportedly locked hundreds of thousands of computers in more than 150 countries and demanded a $300 payment to restore the encrypted files.
Another attack, the Hancitor malicious downloader, worked its way into networks using a variety of fake emails from what looked like familiar senders such as FedEx, USPS, and Google. These emails appeared to be authentic, making it more likely that users will click a link within the body of the email. Doing so, however, downloaded an exploit that allows cyber crooks to take control of the infected machine.
“Attackers are getting more sophisticated, creating very realistic emails that can easily catch end users off-guard,” said AppRiver security analyst David Pickett. “It pays to read carefully, looking for misspellings and typos that most businesses, government agencies, and media outlets simply don’t make.
Pickett added: “As a general rule, don’t click on a link within the email. Where possible, go directly to the site and find the information there. If you can’t, there’s a good chance the email link was malicious.”
What else can businesses do to protect themselves?
Aside from a multi-layered security approach, businesses should have a secure backup process in place. Should they be infected, a backup allows them to wipe the affected device and reload their information. Usual.
Another crucial step is education for all levels of staff.
Often it is a company’s last line of defense—the employees—who accidentally unleash a malicious attack.
It is worth an employer’s time to educate employees on how to not fall prey to a savvy hacker because it just might save the company from costly attacks and hours of headaches. And as a trusted advisor, you’re in the best position to help.
“Channel partners and network admins consistently tell us that their biggest security concern is their own or customer employees downloading malware,” said Justin Gilbert, AppRiver channel sales manager. “It is that point where education can be even more critical than technology in preventing breaches.”
Here are 5 simple steps you can teach end users that will help keep hackers from wreaking havoc on your systems:
- Assume all file attachments are dangerous. Dangerous attacks often utilize common file types users are used to seeing: .doc, .xls and .pdf, etc. While not every file extension can launch a malicious attack, users should treat file extensions with a healthy dose of skepticism— especially if the files were received unsolicited.
- Stay alert for phishing emails: Only click web links within emails you absolutely are sure are authentic. Phishing emails typically come with typos and impersonal greetings such as “Dear Customer” or “Dear Sir/Madam.” Be wary of threats and urgent deadlines as these often are characters of phishing scams.
- Update system and software patches regularly: Security researchers have shown that installing system and software updates is the best defense against the most common viruses and malware online, particularly for computers running Windows. Software makers often release updates to address specific security threats that have come to their attention. By downloading and installing the system and software updates, you patch the vulnerabilities that virus writers rely on to infect your computer.
- Be careful using public Wi-Fi: Most business who provide public Wi-Fi tend to have lax or nonexistent security, leaving the network and your computer vulnerable to hackers.
- Use complex and lengthy passwords: To make it harder for someone to guess your password, use a combination of letters, numbers and symbols. Do not use the same password for multiple accounts.