Strong and resilient backups are the most important piece of protecting your business. Cybersecurity is an ever-evolving arms race. Antivirus, spam filtering, and firewall vendors are all constantly plugging holes and vulnerabilities only for malicious actors to abandon their old tricks and find new ones. No matter how elaborate your security mechanisms are, they will never truly be 100% effective forever; there will always be some small risk. Whether that’s a brand-new exploit or users being tricked, malware and scammers will always try to find a way in. Those protective measures also won’t do much good against natural disasters or hardware failure, either.
Topics: Network Security
If you ever watched The Road Runner cartoons, you probably witnessed that zippy bird outwit Wile E. Coyote on more than one occasion by turning a directional signpost 180 degrees and sending his antagonist careening off a cliff. While they don't make the same "Beep-Beep" sound, the Internet is full of clever people and entities engaged in similar efforts at misdirection. The difference is that, rather than driving your body off a cliff, they are looking to drive your money in their direction. There are lots of ways to take a wrong turn as you browse through web pages. Here are some indicators to keep you on the right path.
Occasionally, a client will call in about one of our firewalls blocking access to a common, everyday site like FedEx or Amazon because it has been flagged as a “known malware” or “adware” site. In most cases, what we find when we connect to the client's computer is that, while the person thinks s/he is clicking to go to FedEx.com's package tracking page, assuming that FedEx's site would be the top search result, s/he's actually clicking on one of the "Ad" links Google places at the top of their results. These Ad sites are paid for and may very well be sites with malware buried in them, so our Meraki firewalls block the resulting pages.
Topics: Network Security
Undoubtedly, you’ve seen news reports about scams where someone cold calls phone numbers, claiming to be from Microsoft or the IRS, and dupes their victims out of money or their identity. What most people don’t realize, however, is that it’s just as easy for scammers to pretend to be someone else over email.
Using compromised or poorly secured email servers anywhere in the world, scammers can make an email appear as if it came from a recognized contact or company VIP. In many cases, these emails will take the form of a request for a wire transfer.
Email has become the primary channel of communication in most business offices, which makes it a prime target for malware distribution since users tend to function on autopilot when they use it. If you receive dozens - or even hundreds - of invoices or shipment notifications a day, you may not notice that one of these isn’t from a familiar source before you open it to find out what it is. Sometimes simply opening a file is all it takes to let malware in, leading to all of the files on your shared drive becoming encrypted and inaccessible.
The most common question we hear following a malware infection or security breach is this: “How did this happen!?” In most cases, it’s difficult to find an answer to this question without hours of analysis. However, the vast majority of cases can be attributed to end-users being tricked into doing something by someone with malicious intent.
The standard protective measures consisting of anti-virus, spam filtering, and a firewall are critical components to keeping your network safe, and they will prevent a massive number of potential threats, infections, and breaches. Still, they will never be 100% foolproof. I often use the image of a bulletproof vest to describe the effect of these security layers: they’ll protect you from most shots, but they won't make you invincible. Malware authors will always find new techniques and exploits. Malware is an arms race in which security vendors constantly patch exploits and close loopholes only for another new threat to pop up right around the corner. Users will be fooled into believing something is legitimate. They’ll click through a half-dozen warnings from your security measures because they’re convinced these are false positives, only to find out hours later that they’ve been hit by CryptoLocker.
For the past year or two, a new type of malware, commonly known as CryptoLocker, has been in the wild. Rather than make it appear like you have a dozen viruses and demand money to remove them, the mischief-makers have escalated to permanently damaging/corrupting your files unless you pay to decrypt them. If this occurs, there are only two ways to get your files back: restore from an isolated backup or pay them, and paying them generally doesn’t work.
In most cases, if you’re a Bennett/Porter IT client, you have a backup system in place. However, please note that it is typically only the servers being backed up. In the event that a user is storing critical files locally, they may be lost if that person's workstation is infected. So, beyond standard anti-virus protection, how can you defend your network from this threat and minimize the damage if it gets through?