You may not think your home or business network is a target for hackers, but nothing could be further from the truth. Many schemes today are focused on ransoms or scare tactics, and typically try to scam businesses or consumers for small amounts – which increases the likelihood you’ll pay up.
Malware which encrypts your files, such as CryptoLocker or CryptoWall, can come through an email or by visiting a website infected with the malware. Once on your computer, it encrypts the files so they are useless. The only way to get the information back is to restore from a backup, or pay the ransom. While the ransoms have been around $300, one of the most recent variants was as little as $100. However, you only have short window to pay – usually 7 days – before the ransom doubles or triples.
Sometimes, the attack doesn’t use technology but instead is socially based. Social engineering, as its known, is when an attacker tries to lure you into providing information – such as a bank account number or personal information – so they can conduct their scam. They may pose as a coworker, and send an email from a domain name that’s similar to your own – perhaps one character off – so you may not notice it. These attacks can be very tricky to identify, so it’s important to be vigilant and to scrutinize anything that seems even a little out of the ordinary.
Following some best practices can help reduce the impact of these ransoms and scams.
1. Install a good antivirus program, and make sure its updating. Software can malfunction, so it’s important to periodically check the status of your antivirus. Make sure its running “real-time” or “on-access” scanning by reviewing the settings, as this ensures the program is scanning every file you touch.
2. Backup your files, and keep them offsite. If you backup to a USB hard drive or thumb drive, it’s possible the virus can infect that device too – so your backups become worthless. Use a cloud backup for maximum protection.
3. Keep your computer operating system up to date, and update all applications. Your web browser, such as Internet Explorer or Chrome, also needs updates periodically. Windows Update will handle Internet Explorer, and Chrome updates automatically as well. If you prefer another browser, check their website for instructions to update it.
4. Use a firewall with security services, such as antivirus, antispyware and intrusion prevention. These features are found on most business class firewalls, but need to be enabled and maintained with a subscription from the vendor. As you browse the web or receive emails, the information is inspected by the firewall before it reaches your computer. If something is detected, the firewall will block it.
5. Never let someone you don’t know take remote control of your computer. This may seem obvious, but I’ve encountered dozens of cases where an advertisement pops up, claiming your computer is infected and offering to “clean” it for a fee. Often, a remote control session is offered, and the remote operator takes control of your computer – sometimes with disastrous results. If this happens, immediately shut down the computer and have a professional IT person take a look.
6. Don’t allow vendors or guests to connect to your private network. Even the best intentioned individuals can unknowingly have an infected device, and connecting to your network could potentially spread that virus. Having a “guest” network that is separate from your private network is best.
7. Use a VPN (Virtual Private Network) when remotely accessing your network. A VPN not only protects the information flowing between your remote computer and the office, it also protects your network from external attacks.
8. Have your network scanned for potential security flaws. With new security risks being discovered every day, your once secure network could become vulnerable overnight. There are vendors that can scan your network from the outside, and provide a report outlining any findings. Quarterly scans should be performed at a minimum, and more if your environment dictates a higher degree of security.