No Opportunity to Relax on Cyber Security

BY:

Aug 9, 2016

Not so long ago, if your organization had a robust security suite that included a firewall and antivirus, you could feel reasonably secure. The antivirus vendors spent a lot of time and manpower keeping up with the software code, or “signatures,” that identified malicious code trying to enter your network. As long as your IT group kept the signatures updated according to the vendor’s recommendations, and your firewall access parameters were fairly stiff, you were doing just about all you could do–or needed to do.

Cyber Security

We are constantly learning new ways to defend against exploits, because the exploiters never stop learning new ways to try and gain access to our resources. With the latest wave of threats, however, it is no longer safe to leave cyber security entirely up to your IT/IS team. Your office staff, and, in fact, everyone who uses a networked computer, needs to be trained on the latest wave of serious threats. Everyone who uses a networked computer will be a weak link in the chain, until they accept and internalize their role in protecting the infrastructure. That’s the bad news. The good news is that the training need not be extensive nor expensive.

One of the most prevalent new exploits is entering networks entirely invited by an email recipient. A user on your network gets an email with an attachment labeled “Order Update List for June 2016” (this is a fictitious example). The user, who normally wouldn’t receive such a document, opens the attachment out of curiosity. The attachment has a malicious payload embedded in it that –BOOM–is now on your network.

What would a criminal hope to achieve on your network? Data–lots of it–is stored on your servers. Names, birth dates, Social Security numbers, business account information, every piece of data you store has a value to you, or you wouldn’t store it. It also has value outside of your perimeters. Stolen data is a lucrative operation, and these programs may provide access to it. Alternatively, these payloads can contain an encryption program that will start encrypting the files on the computer on which it is run. It also moves out to mapped network drives and starts encrypting files on your server shares. It only takes one of these to bring your organization to a grinding halt. If your IT/IS team hasn’t been diligent on backups, and/or doesn’t know how to restore from the backups, your data is held for ransom by this crypto-malware until you pay the ransom.

As unsettling as that is, your users can be quickly trained not to open mail attachments if they don’t understand why they received them. Even expected attachments, if received out of cycle, should be considered suspect. The recipient should call the sender and ask for an explanation. Macros can be helpful in calculating financial transactions, but documents you receive from external sources should not contain macros. Ask senders to send a version of the document with only the data, not the macros. Every business is fighting the same battle against cyber criminals, and we all have to cooperate and work together.

On the sending end, your staff should not be sending documents containing macros outside of the network. If you are sending something out of cycle, be proactive in providing an explanation.

Do you need some more information on this topic? {company} is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at {phone} or send us an email at {email} for more information.

Related Blogs

  • On a blue background are the letters AI in white. Superimposed over this is a robotic face wrapped with a connectivity symbol. A word bubble says can I help you." alt="">
    How AI Chatbots are Changing the Call Center Game

    With Amazon Lex Chatbots and Contact Lens, you can create tomorrow’s customer experience today. Key Takeaways: AI chatbots are revolutionizing not just call centers, but the way customer service is...

    Learn More
  • Six office workers sit at computers on opposite sides of a table in a brightly lit office." alt="">
    4 Challenges of Managing WorkSpaces at Scale and How to Solve Them

    A skills gap in IT staff and rising employee costs make managed services the right choice Key Takeaways: Research says it takes a minimum of 10 dedicated full-time IT staff members to manage DaaS...

    Learn More
  • The customer call center in an AI world." alt="">
    How Artificial Intelligence Is Reinventing the Call Center

    Today’s most important AI call center trends – is your call center ready for them?  Key Takeaways:  Learn how to improve customer service operations using automation while still providing...

    Learn More