End User Best Practices
On the heels of the recently published CryptoWall blog, I have seen yet another attack propagated across a network. In this case, the client had numerous users who heedlessly browsed, downloaded, opened, or shared files. The end result underscores the critical need for user education.
Why do I keep getting infected?
The answer lies in the sites you browse and the activities you pursue. Like the definition of insanity (repeating the same behavior over and over again and expecting a different result), returning to the same risky habits brings the same infections. A hacker’s easiest means of gaining access to your system is by injecting code or downloadables into what appear to be innocent sites, games, and applications. An infection teaches you the consequences of surfing seedy sites, downloading freeware and illegal music, and engaging in other risky behavior. Knowledge is power. By resuming bad behavior, you increase your risk of having your data stolen, getting your accounts hacked, and becoming a complete liability to your company. The saying “nothing in life is free” rings true; you get what you pay for.
But I only logged onto what I thought was my banking site from an email?
An email that appears legitimate may not be. Phishers use their biggest hook (very convincing and well-designed HTML email templates) to reel you right in. You could receive an email that mirrors the messages typically received from your bank, shipping company, or any other vendor. Keep in mind that hackers often pose as the financial industry and other popular industries to reach you. When opening a link in your email, be sure to check the sender and to verify the origins of the message. Also, review the entire web link before you click it. If you do, you may quickly notice that the URL reads www.mybank.de.blah.blah.html instead of displaying www.mybank.com/login, as it should. If you click the spurious link, you immediately land in disaster recovery mode.
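The link review described above can also be done mechanically. The following Python sketch is an added example, not part of the original post: it lists every link in an HTML email and reports whether the real destination host belongs to the expected domain. It assumes mybank.com (from the illustration above) is the bank's genuine domain, and the sample email is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"mybank.com"}  # assumption: the bank's genuine domain

def link_host(url):
    """Return the host a link really points to, even without a scheme."""
    if "://" not in url:
        url = "//" + url  # urlsplit only fills in the host after "//"
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in trusted)

class LinkCollector(HTMLParser):
    """Collects [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._in_anchor = False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._in_anchor = True

    def handle_data(self, data):
        if self._in_anchor:
            self.links[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_anchor = False

def review_email(html):
    """Report, for each link, what the reader sees and where it really goes."""
    collector = LinkCollector()
    collector.feed(html)
    return [{"text": text.strip(), "host": link_host(href),
             "trusted": is_trusted(href)} for href, text in collector.links]

# Constructed sample: the first link displays the bank's address but points elsewhere.
SAMPLE_EMAIL = """
<p>Please confirm your account:
<a href="http://www.mybank.de.blah.blah.html">www.mybank.com/login</a></p>
<p>Or visit <a href="https://www.mybank.com/login">online banking</a>.</p>
"""

if __name__ == "__main__":
    for finding in review_email(SAMPLE_EMAIL):
        print(finding)
```

The check compares the whole host against the trusted domain, so a bank name that merely appears at the start of a longer host does not pass.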
How can I be more secure and not pose a risk to myself and to my company?
While there is no foolproof way to avoid these issues completely, understanding safe browsing practices is the best way to start. Use the following guidelines:
• Exercise caution when browsing and downloading, even when visiting familiar sites.
• Avoid “free” offerings from sites such as ZDNet and CNet.
• Stay away from sampling free games or clicking unknown links on Facebook.
• Resist illegal peer-to-peer (P2P) and BitTorrent downloads.
• Be sure to obtain a legitimate and proven AV scanner and anti-malware solution.
• Confirm the sources of emails with links or attachments, and verify the legitimacy of all links.
• Scan your PC regularly.
When downloading new applications, obtain your software directly from the developer. Most legitimate developers (Adobe, Firefox, and others) offer free versions of their products and offer links to download their software directly. You should never download these commercial products from a third-party site. Carefully note the software installation settings as you advance through the installation process; check for what may accompany the software you are installing. Moreover, do not use your work PC for personal browsing or downloading. While you may not know it, your IT staff knows exactly where the malware came from and who launched it.
The best way to avoid posing a danger to yourself and to your organization is to hire a skilled consultant to minimize your risk. Echo Technology Solutions is the perfect choice to help keep your business secure. Our qualified team provides dedicated training and guidance to meet your toughest challenges. When an attack does happen, ECHO is there to put the pieces back together.
The Hidden Cost of Carelessness
Unfortunately, the heedless exploration of free web material can cost you and your company much more than you realize. As a web user, you should think of lax web security as going on vacation and leaving the back door unlocked during your trip. Certainly, you would not do that to your home. You should take the same precaution when using your computer and surfing the web.
It is unlikely you will ever be 100% free from the types of pervasive attacks that exist. Nothing can stifle human curiosity, no matter how hard we may try. Indeed, we are our own worst enemy. Even as a seasoned IT professional, I have encountered exploits of my personal machines, derived from tracking cookies linked to a Facebook game, or from downloading software from a third-party site. When I experience such attacks, I contact the vendor or publisher to report the issue, and then avoid the source at all costs. I am extremely cautious about where I surf and what I download. As a result, the number of personal computer infections I have had in the last five years is minimal.
From a business standpoint, cleaning up a malware infection that has spread across a company network is one of the most expensive operations your business can incur. Not only does the infection deal a giant blow to productivity, but it may also lead to significant downtime and increased IT costs. Additional time is lost while the IT team tracks impacted locations and runs file-level restore operations to rescue missing and compromised data.
Echo Technology Solutions possesses the capacity and resources to help you lock down your infrastructure and provide best practices training to end users. We also have reactive teams standing by to provide emergency disaster response when an attack does happen. We offer round-the-clock monitoring, patch management, proactive remediation, and much more. Let us help you secure your infrastructure today!
Cheers, and happy, safe computing!