No Opportunity to Relax on Cyber Security

BY:

Not so long ago, if your organization had a robust security suite that included a firewall and antivirus, you could feel reasonably secure. The antivirus vendors spent a lot of time and manpower keeping up with the software code, or “signatures,” that identified malicious code trying to enter your network. As long as your IT group kept the signatures updated according to the vendor’s recommendations, and your firewall access parameters were fairly stiff, you were doing just about all you could do–or needed to do.

Cyber Security

We are constantly learning new ways to defend against exploits, because the exploiters never stop learning new ways to try and gain access to our resources. With the latest wave of threats, however, it is no longer safe to leave cyber security entirely up to your IT/IS team. Your office staff, and, in fact, everyone who uses a networked computer, needs to be trained on the latest wave of serious threats. Everyone who uses a networked computer will be a weak link in the chain, until they accept and internalize their role in protecting the infrastructure. That’s the bad news. The good news is that the training need not be extensive nor expensive.

One of the most prevalent new exploits is entering networks entirely invited by an email recipient. A user on your network gets an email with an attachment labeled “Order Update List for June 2016” (this is a fictitious example). The user, who normally wouldn’t receive such a document, opens the attachment out of curiosity. The attachment has a malicious payload embedded in it that –BOOM–is now on your network.

What would a criminal hope to achieve on your network? Data–lots of it–is stored on your servers. Names, birth dates, Social Security numbers, business account information, every piece of data you store has a value to you, or you wouldn’t store it. It also has value outside of your perimeters. Stolen data is a lucrative operation, and these programs may provide access to it. Alternatively, these payloads can contain an encryption program that will start encrypting the files on the computer on which it is run. It also moves out to mapped network drives and starts encrypting files on your server shares. It only takes one of these to bring your organization to a grinding halt. If your IT/IS team hasn’t been diligent on backups, and/or doesn’t know how to restore from the backups, your data is held for ransom by this crypto-malware until you pay the ransom.

As unsettling as that is, your users can be quickly trained not to open mail attachments if they don’t understand why they received them. Even expected attachments, if received out of cycle, should be considered suspect. The recipient should call the sender and ask for an explanation. Macros can be helpful in calculating financial transactions, but documents you receive from external sources should not contain macros. Ask senders to send a version of the document with only the data, not the macros. Every business is fighting the same battle against cyber criminals, and we all have to cooperate and work together.

On the sending end, your staff should not be sending documents containing macros outside of the network. If you are sending something out of cycle, be proactive in providing an explanation.

Do you need some more information on this topic? {company} is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at {phone} or send us an email at {email} for more information.

Related Blogs

  • " alt="">
    CloudHesive Receives Prestigious Deloitte Technology Fast 500 Award

    We’re thrilled to announce that CloudHesive has been named a Deloitte Technology Fast 500 award recipient, a recognition of our steadfast commitment to innovation and rapid growth in the...

    Learn More
  • The image displays an orange background with a paper cutout of human figures all connected in a semi-circular pattern." alt="">
    From Setup to Success: A Comprehensive Guide to Implementing Amazon Connect Services

    Keys to implementing Amazon Connect Services  Customer service life before Amazon Connect consisted of one of two options: Flipping through massive notebooks of instructions and using multiple tools...

    Learn More
  • " alt="">
    The Benefits of Using Amazon Connect and Contact Lens for Transcriptions

    How to improve transcriptions and more with Contact Lens Transcriptions enable higher quality and more consistent customer service. Customer and agent conversations are filled with data, and this...

    Learn More