October was National Cyber Security Awareness Month. Though it is now November, we want to present another very important topic on cybersecurity for you.
Ransomware and Phishing attacks are the most prevalent security risks for small businesses. Though they can hit big corporations as well, they can be crippling for small businesses due to the cost incurred.
What is Ransomware?
Ransomware is a type of malicious software designed to control access to a computer or computer system until a sum of money is paid to the ransom holder.
What is Phishing?
By definition: Phishing is the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords, credit cards, or social security numbers.
The Never-Ending Cycle
There are “trends” with both Phishing and Ransomware, caused by a cycle. Here’s how it happens:
- The “bad guys” look for security holes in apps, emails, and other places where users might have contact with a third-party source, such as Microsoft, Google, Facebook, banking, email services, etc.
- Once a security hole is found, they then create a way to manipulate the security hole. This manipulation can happen through many different means and by using very sophisticated methods.
- The attack is executed, often using complicated methods that are difficult for the service or the user to detect.
- As a result, the user is forced to either pay money to retrieve their files from the ransom holder, lose their data to the ransom holder, or have their data exposed to other “bad guys” willing to pay money for that information.
- The application owners (i.e. Microsoft, Google, etc.) then have to find ways to close the security hole and stop any damage that has been done.
- Security experts then take over. These are your antivirus applications, malware applications, spam filters, etc. They analyze how this security hole was breached and develop methods for securing and eliminating not only the specific security hole, but others like it, and the methods used.
- The “bad guys” then search for a new security hole in an endless cycle. Most likely they have already moved on to the next possible source before the previous security hole is patched!
The security experts are good at what they do and the software creators are also good at what they do, but they cannot predict every single possible point of access. This is where the user comes in.
Detecting a Potential Attack
There are many ways in which a user can be proactive in detecting a potential threat. Carefully consider the steps below:
- Trust your gut. (If it walks like a duck, and talks like a duck…)
- Mouse over (hover over) the links and email addresses, but DO NOT CLICK. Is the link coming from where it says it’s coming from?
- Is the English broken, awkward, or punctuated incorrectly? This doesn’t happen as often anymore, but it is still a good indicator.
- Are they promising a reward that’s too good to be true?
- Does the email carry a sense of urgency?
- Are you, the recipient, being addressed normally?
The user has to practice responsibility when using third-party services in order to protect their data.
- The number one rule is DO NOT CLICK anything if you do not know exactly what it is!
- NEVER REPLY to an email you may suspect to be illegitimate. This will most likely send your email directly to the bad guys!
- If it appears to be coming from a vendor or customer of yours, pick up the phone and give them a call. “Hey Norm, did you just send me an email?”
- If it’s asking you to CLICK HERE or similar to log in to your account, go to the website as you would normally instead of clicking a link.
- If it appears to be coming from an internal email source, don’t reply directly from the email. Go see them in person, pick up the phone, or send a new email and ASK. “Hey Jim, did you just send me a request to transfer $10,000?”
- Remember that satisfying your curiosity is not worth the consequences!
- Delete it. If they really want your attention badly enough, they will find another way to contact you.
The “bad guys” have come up with many methods of trying to trick users into thinking that the phishing or ransomware email that they are sending is legitimate. Why do they do this? Because users fall for it over and over again!
Educate yourself. Educate others. Practice this at home and at work.
“Distrust and caution are the parents of security.” –Benjamin Franklin
About Harbor Computer Services
Harbor Computer Services is an IT firm servicing Southeastern Michigan. We work exclusively under contract with our clients to provide technology direction and either become the IT department or provide assistance to the internal IT they already have. We have won many awards for our work over the years, including the worldwide Microsoft Partner of the Year in 2010. We’re the smallest firm to have ever won this most prestigious award. Most recently, we were recognized as one of the top 20 visionaries in small business IT by ChannelPro Magazine (2015), and in 2016 as the top Michigan IT firm for Manufacturing. There are a few simple things that make Harbor Computer Services the best choice for your business.
- We are Professionals
- We are Responsible
- We are Concerned About The Success of Your Business