No Opportunity to Relax on Cyber Security

BY:

Aug 9, 2016

Not so long ago, if your organization had a robust security suite that included a firewall and antivirus, you could feel reasonably secure. The antivirus vendors spent a lot of time and manpower keeping up with the software code, or “signatures,” that identified malicious code trying to enter your network. As long as your IT group kept the signatures updated according to the vendor’s recommendations, and your firewall access parameters were fairly stiff, you were doing just about all you could do–or needed to do.

Cyber Security

We are constantly learning new ways to defend against exploits, because the exploiters never stop learning new ways to try and gain access to our resources. With the latest wave of threats, however, it is no longer safe to leave cyber security entirely up to your IT/IS team. Your office staff, and, in fact, everyone who uses a networked computer, needs to be trained on the latest wave of serious threats. Everyone who uses a networked computer will be a weak link in the chain, until they accept and internalize their role in protecting the infrastructure. That’s the bad news. The good news is that the training need not be extensive nor expensive.

One of the most prevalent new exploits is entering networks entirely invited by an email recipient. A user on your network gets an email with an attachment labeled “Order Update List for June 2016” (this is a fictitious example). The user, who normally wouldn’t receive such a document, opens the attachment out of curiosity. The attachment has a malicious payload embedded in it that –BOOM–is now on your network.

What would a criminal hope to achieve on your network? Data–lots of it–is stored on your servers. Names, birth dates, Social Security numbers, business account information, every piece of data you store has a value to you, or you wouldn’t store it. It also has value outside of your perimeters. Stolen data is a lucrative operation, and these programs may provide access to it. Alternatively, these payloads can contain an encryption program that will start encrypting the files on the computer on which it is run. It also moves out to mapped network drives and starts encrypting files on your server shares. It only takes one of these to bring your organization to a grinding halt. If your IT/IS team hasn’t been diligent on backups, and/or doesn’t know how to restore from the backups, your data is held for ransom by this crypto-malware until you pay the ransom.

As unsettling as that is, your users can be quickly trained not to open mail attachments if they don’t understand why they received them. Even expected attachments, if received out of cycle, should be considered suspect. The recipient should call the sender and ask for an explanation. Macros can be helpful in calculating financial transactions, but documents you receive from external sources should not contain macros. Ask senders to send a version of the document with only the data, not the macros. Every business is fighting the same battle against cyber criminals, and we all have to cooperate and work together.

On the sending end, your staff should not be sending documents containing macros outside of the network. If you are sending something out of cycle, be proactive in providing an explanation.

Do you need some more information on this topic? {company} is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at {phone} or send us an email at {email} for more information.

Related Blogs

  • amazon connect salesforce CTI integration" alt="">
    4 Ways Sales Teams Benefit From Amazon Connect and Salesforce CTI Integration

    One of the best ways to unlock more sales and revenue is to connect the systems your sales teams rely on the most While customer relationship management (CRM) platforms have been around for decades,...

    Learn More
  • Cold Transfers with Amazon Connect" alt="">
    Managing Cold Transfers with Amazon Connect

    There’s a right way and a wrong way to set up call transfers in Amazon Connect, and it could make all the difference between a customer’s experience with your contact center. One of the most...

    Learn More
  • Amazon Connect’s integration with Service Cloud" alt="">
    Amazon Connect, Service Cloud Voice and Salesforce CTI Enable Total Customer-Facing Integration

    Why Amazon Connect’s integration with Salesforce Service Cloud Voice dramatically improves customer service and communication Customers are the root of your business. Being able to connect with...

    Learn More