Not so long ago, if your organization had a robust security suite that included a firewall and antivirus, you could feel reasonably secure. The antivirus vendors spent a lot of time and manpower keeping up with the software code, or “signatures,” that identified malicious code trying to enter your network. As long as your IT group kept the signatures updated according to the vendor’s recommendations, and your firewall access parameters were fairly stiff, you were doing just about all you could do–or needed to do.
We are constantly learning new ways to defend against exploits, because the exploiters never stop learning new ways to try and gain access to our resources. With the latest wave of threats, however, it is no longer safe to leave cyber security entirely up to your IT/IS team. Your office staff, and, in fact, everyone who uses a networked computer, needs to be trained on the latest wave of serious threats. Everyone who uses a networked computer will be a weak link in the chain, until they accept and internalize their role in protecting the infrastructure. That’s the bad news. The good news is that the cyber security training need not be extensive nor expensive.
One of the most prevalent new exploits is entering networks entirely invited by an email recipient. A user on your network gets an email with an attachment labeled “Order Update List for June 2016” (this is a fictitious example). The user, who normally wouldn’t receive such a document, opens the attachment out of curiosity. The attachment has a malicious payload embedded in it that –BOOM–is now on your network.
What would a criminal hope to achieve on your network? Data–lots of it–is stored on your servers. Names, birth dates, Social Security numbers, business account information, every piece of data you store has a value to you, or you wouldn’t store it. It also has value outside of your perimeters. Stolen data is a lucrative operation, and these programs may provide access to it. Alternatively, these payloads can contain an encryption program that will start encrypting the files on the computer on which it is run. It also moves out to mapped network drives and starts encrypting files on your server shares. It only takes one of these to bring your organization to a grinding halt. If your IT/IS team hasn’t been diligent on backups, and/or doesn’t know how to restore from the backups, your data is held for ransom by this crypto-malware until you pay the ransom.
As unsettling as that is, your users can be quickly trained not to open mail attachments if they don’t understand why they received them. Even expected attachments, if received out of cycle, should be considered suspect. The recipient should call the sender and ask for an explanation. Macros can be helpful in calculating financial transactions, but documents you receive from external sources should not contain macros. Ask senders to send a version of the document with only the data, not the macros. Every business is fighting the same battle against cyber criminals, and we all have to cooperate and work together.
On the sending end, your staff should not be sending documents containing macros outside of the network. If you are sending something out of cycle, be proactive in providing an explanation.
Do you need some more information on this topic? Interplay is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (206) 329-6600 or support@interplayIT.com for more information.