The rule “If it ain’t broke, don’t fix it” is common for many business owners. It can serve to protect your business against unnecessary costs and unneeded downtime. While protecting your business against many types of danger, it poses a large threat when it comes to your IT security.
What is a virus and is it the same as malware?
Malware describes software designed to act maliciously on a computer. The name ‘malware’ is a shorthand for ‘malicious software’ and describes exactly what it is. A computer virus is a single type of malware that can cause harm to your PC, but it is only one of many. Other types of malware are listed below.
Short for advertising-supported software, adware is a type of malware that delivers adverts to your computer. These advertisements often pop-up and are intrusive, irritating and designed to trick you into clicking something you don’t want. A common example of malware is pop-up ads that appear on many websites and mobile applications.
Adware often comes bundled with “free” versions of software that uses these intrusive advertising to make money. Commonly it is installed without the user’s knowledge and are purposely made to be difficult to remove.
Spyware is designed to spy on the user’s activity without their consent or knowledge. Spyware is often installed in the background, collects keyboard input and can harvest data from the computer, monitor web activity and more.
Spyware typically requires installation to the computer. This is commonly done by tricking users into installing the spyware themselves instead of a software application that they thought they were getting. Victims of spyware are often be completely unaware of its presence until the stolen data is used elsewhere (ie in a fraudulent bank transactions or stolen online accounts).
A computer virus is a form of malware that is installed inadvertently, causing damage to the computer and / or user. A typical virus may install a keylogger to capture passwords, logins and bank information from the keyboard or it might steal or delete data, interrupt programs or cause the computer to crash.
Modern virus programs commonly use your computers processing power and internet bandwidth to perform illegal tasks remotely for hackers. The first sign of this can be when the computer sounds like it is doing a lot of work when no programs are running. A computer virus is often spread through installing unknown software or downloading attachments that contain more than they seem.
Ransomware is a very malicious variety of malware that prevents the user from accessing their own files and data until a ransom is paid. Files within the system are often encrypted with a password that won’t be revealed to the user until they receive money usually in the form of bitcoin.
Instead of accessing the computer as normal, the user is presented with a screen which details the contact and payment information required to access their data again.
Ransomware is typically downloaded through malicious file attachments, email or through a vulnerability in the computer system.
Another type of malware is the computer worm. Worms spread across computer networks by exploiting vulnerabilities within the operating system. Often these programs harm their host networks by consuming large amounts of network bandwidth, overloading computers and using up all the available resources.
While similar to a virus a worm is able to both copies of itself and spread independently. A virus must rely on human activity to run a program or open a malicious attachment while worms can simply spread over the network without human intervention.
If you would like to make your business secure from malware, give us a call at 08 8326 4364 or via email on email@example.com.
Cyber-attacks on your business can be crippling, but there are easy ways to keep the bad guys out. We have written a great eBook listing 7 simple but effective ways to reduce your risk of malware or hacking.
By now you know that improving your cyber security is just as important as improving your cash flow – both are essential to your success. While most businesses keep an eye on the financials, they tend to think cyber security is something they can ignore or just set and forget. Unfortunately, cybercriminals are constantly coming up with new methods of attack and the security you had in place yesterday may not be sufficient today.
Instead of reacting to breaches and taking on the costs of downtime, lost files and destroyed trust, a periodic security assessment can identify blind spots that place you at risk. Once you know about these issues, you can setup adequate protection before cybercriminals strike. It is best to use independent IT experts who can audit your security from an outside perspective, often seeing risks that you would otherwise miss.
Regulations change – Are you affected?
Many businesses need to comply with strict government regulations around the way they store, process and protect data. Their operating license depends on staying as secure as possible. All regulations require regular security assessments but they vary in scope and timeframe. As regulations change, so do the security assessment requirements. You can imagine how much stricter they are now compared to just 5 years ago. Our team can ensure your business is meeting the relevant regulations, diving deep to be certain you are safe.
Security patches and updates are vital
It’s so easy to fall behind on your security patches (both for software and hardware), after all, it seems like there’s a new update every week and each one takes precious time to apply. What we are seeing though, is that cybercriminals are targeting any business running up=patched hardware or software. If you are unpatched, you are an easy target and are inviting the bad guys in. When we conduct your security assessment, we take a look at your history and see if your business has a robust patch plan in place and make sure you are up to date. If there’s an issue that is placing you at risk we will find it.
Viruses are always evolving
Just like the human variety, computer viruses are constantly evolving to skip past anti-virus scans and do damage in new and interesting ways. Cybercriminals know people are more aware of the traditional infection methods like downloading an attachment or inserting an infected USB, so they’re getting more and more creative. Your security assessment doesn’t just include ticking that you have the latest anti-virus, it includes identifying where where your biggest vulnerabilities are. This type of precise awareness has a lasting impact on reducing your risks.
Your business may have changed
As your business has grown over the years your entire setup has changed. More employees, expanded remote access, additional vendors, other locations etc. With each change has come a new risk, particularly if your security has been growing around you. It might be your password policies that haven’t been updated since you began, or that you still have the old voicemail system even though phones are within easy reach of customers. This is perhaps one of the most useful areas a security assessment can help with, as you and your employees are accustomed to the business working in a certain way, whether that way leads to risk or not. Our experts will be able to see things from a different perspective, particularly as we make sure to think the same way a cybercriminal would.
What to do with your assessment results
While many experts might present you with a long list of problems and leave you feeling overwhelmed, our team ensures you have a benchmark for progress. You will know exactly what you need to do, what takes priority and how we can help. You will also know exactly what you’ve done well and where your security strengths lie. Employees will see how much you value security, which in turn helps to create a stable culture, and you’ll be able to report your commitment to customers, confirming they’re making the right choice by staying with you.
Book your security assessment today. Call us at 08 8326 4364 or firstname.lastname@example.org.
Unified Threat Management (UTM) is a special kind of firewall solution focused on proactive protection. Consider it like a team of virtual bodyguards that stand at the door between your business and the internet, keeping trouble out while your legitimate traffic can come and go normally.
With the increasing number of connected devices in your business network and the different ways your employees can now connect, it is more important than ever to set up dedicated security systems that give integrated protection. UTM is a series of solutions that work together, simultaneously layering your protection across the board. We’ll cover the four main inclusions here and show exactly what they can do for your business.
Put simply, a firewall keeps an eye on all the data coming in and out of your network and looks for anything abnormal. While every home PC comes with a software firewall built in, those ones pale in comparison to what a UTM firewall can do. Remember the team of virtual bodyguards? Imagine the home firewall asking nicely if the data should be doing that, while the UTM slams the data to the ground and demands answers. Its job it to make sure the data entering your network is safe, that it is not part of a cyber-attack, and that in the rare event your network becomes infected, your servers aren’t being used to attack another business.
Anti-virus Where it Matters
With so much new malware being released daily, it’s easy to fall behind in updates and discover you’ve been infected. Your employees are likely doing their best, but manually scanning each file can be exhausting and time-consuming. Your UTM anti-virus is built into the firewall, ensuring known or suspicious malware is stopped at the door removing any risk. Clearly that is the best outcome possible and will allow your employees to work at maximum efficiency, while you can run your business with confidence.
Most cyber-attacks come via email these days, with either an attachment or a link. Once clicked, the malware wreaks havoc in your network. Obviously, your employees are smart enough not to open random attachments/links, so hackers use phishing emails. These are emails that look legitimate and may refer to vendors you use, financial services you have accounts with or even seem to be from other employees. Your UTM strips down each email and checks it against high-tech legitimacy markers. If it sees anything suspicious, the email is marked as spam and either held for review or bounced away.
As the phoney emails are blocked, your employees never see the emails so they can’t accidentally open up the network for attack. While the UTM is monitoring for phishing/fake emails, it’s also culling out the general spam that clogs up inboxes. Employees will no longer have to spend precious minutes each day wading through the junk, and the likelihood of missing an important customer email has greatly dropped.
In a perfect world, your employees would only access work-related sites and do work-related things online. Content filtering can help you limit the risk they’re bringing into your business via their Internet browsing. Your UTM can be set to restrict sites that infect computers, such as adult content, gambling or illegal downloads. It can also be used to restrict access to social media sites like Facebook, Twitter or Pinterest, either during work hours or completely. It’s up to your policies how much you’d like to filter and whether to add any flexibility. Some businesses allow social media during lunch breaks or have special reward hours each week. Simple tweaks like this can increase productivity overnight and give you the security you’re looking for.
You can see how a layered security solution like UTM provides a space for your business to thrive, where systems are secure, employees are able to maintain efficiency, and cyber problems stay outside the doors. The way the layers work together is more effective than a patchwork of separate systems, and a UTM is much easier to configure and maintain.
We can find the right UTM solution for your business. Call us today at 08 8326 4364 or email@example.com!
Getting hit with a ransomware attack is not fun, cybercriminals encrypt your data and you are left having to decide: should we pay to get them back? It is a scene that’s played out across the world with 70% of businesses saying “yes” in 2016 alone. Here are six factors to consider if you are ever in this situation.
1) Do you trust them?
Remember that they are criminals holding your data hostage, how confident are you that they will send you the decryption key and that the key will decrypt all your data? The attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if you never hear from them again. You are also equally trapped if they decide to come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is fixed by experts. Businesses don’t exactly want their breach publicised, so many don’t admit to paying the ransom, whether it went to plan or otherwise.
2) Can you manage the impact?
The best case scenario is that you can wipe the affected drives and restore from a clean backup without paying the ransom. You may even decide that the encrypted files aren’t that important and simply let them go and just wipe the infected machine. On the other hand, if your data management comes under any special regulations, like health or legal, you may find that the attack has a much wider impact. The attacker will also motivate you to pay the ransom quickly with a countdown and a threat of total deletion when it hits zero. Remember that if the data isn’t that valuable, or you have confirmed backups, this urgency should have no effect on your plans. T
3) How much do they want?
Cybercriminals rarely send out attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. Different countries or regions are also charged differing amounts. They may be “bad guys”, but they are smart people who know your financial limits. They also consider how much similar businesses have paid previously and expect you to follow suit.
4) Are your backups any good?
Always check your backup to confirm that they are working, that the correct data is being backed up and that you can recover the data from them. Many businesses are discovering too late that their backup systems are not robust enough. Either the backup has become infected too, they weren’t up-to-date or they backed up the wrong data. It is imperative that you at least do some quick backup checks to ensure you can recover all your data in case the unfortunate happens.
5) What are you policies?
Businesses are now adding ransomware to their disaster recovery plans and have predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly and make the best decisions for the business.
6) Stay safe in the first place
Ransomware is not slowing down and all factors say it will increase. As more businesses pay the ransom the cybercriminals are steadily launching new attacks and making it their full-time job. Most of the attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training staff helps, it’s no guarantee. We recommend using business-class spam filters to catch these types of emails before they land in your inboxes so that triggering a ransomware attack becomes something that happens to other businesses and not yours.
Secure your data systems and check your backups now. If you need help, contact us on 08 8326 4364 or firstname.lastname@example.org.
Fifteen years after the Internet world united to crack down on spam emails, we are all still struggling with overloaded inboxes. All that unwanted email continues to flood the internet, much of it targeted towards small businesses and the impact goes wider than you might think. Here’s the breakdown of how modern spam works and how it is hurting your business.
What is spam?
Spam is any unwanted message that lands in your email, comes via text, social media messaging or any other communication platform. It might be sent to your main business account, eg your ‘contact us’ email or directed to your employees. Most of the time, spam are annoying but relatively innocent messages from another business inviting you to buy, do or see something. They are newsletters, reminders, invitations, sales pitches, etc. You may know the sender and have a previous relationship with them or they might be a complete stranger. Spam may even be part of a cyber attack.
Why you are getting spammed.
Maybe you or your employee signed up for a newsletter or bought a raffle ticket to win a car. Perhaps you got onto the mailing list accidentally after enquiring about a product, not knowing that simply getting a brochure sent through would trigger a spam avalanche. Often there is fine print that says they’ll not only use your details to send you their marketing, but they’ll share your details with 3rd parties so that they can send you messages too. That single email address can be passed around the internet like wildfire and before you know it, you are buried under spam. Sometimes your details are found through a hacked website, like the recent LinkedIn leak. More often though, your email is simply collected by a computer ‘scraping’ the internet – scouring forums and websites for plain text or linked emails and selling them to spammers. It is easy to see now, how individual office employees receive an average of 120 emails daily, over half of which are spam!
More than annoying.
We all know spam is annoying but did you know it’s also consuming business resources? Your employees are spending hours each week sorting their email, assessing each one for relevance and deleting the spam. Your email servers along with your Internet links are getting clogged with the spam flowing into your business. Too often, legitimate emails from clients and customers get caught up and are accidentally deleted. Plus the temptation to read the more interesting spam emails and productivity drops to zero. On the other side of the business, your email server might be dedicating storage and processing power to spam emails, occasionally to the point where inboxes get full and real mail is bouncing out. While most spam is simply an unwanted newsletter or sale notice, there is also the risk that any links may be a cyber-attack in disguise. Remember one click can open the door to viruses, ransomware, phishing or other security issues which a hacker can then take advantage of.
How to stop the spam?
Take control of your email and talk to us about your anti-spam protections. Call us at 08 8326 4364 or email@example.com.
Severe design flaws in modern CPUs were recently discovered and made public. These flaws put users and businesses alike at risk of attacks known as Spectre and Meltdown, where private data can be called up and stolen.
Chip manufacturers including Intel and ARM have responded by working with software developers to correct the flaws, however these fixes are affecting computer performance. Discover exactly how this vulnerability works, how you’ll be impacted, and what you can do to protect your systems.
We have written a free Ebook that explains these vulnerabilities in more detail and also covers:
Click here to subscribe to our monthly newsletter and access your copy of this book. If you are already a subscriber and would like a copy please email firstname.lastname@example.org.
At last count, Facebook has clocked up over 2.7 billion users, this makes the platform more attractive than ever for scammers and hackers. While you may be logging in to share your latest family photos or catch up with friends, the chances of accidentally triggering a scam or malware are increasing every day. Here are some tips on how to stay safe on Facebook and stop the spread of scams.
Look out for freebies and surveys
Everybody loves a freebie but when you see a giveaway for vouchers from a mega-store, alarm bells should ring. ‘Complete this survey and we’ll send you a $50 Amazon Voucher!’ – is too good to be true. Even one click can take you on a messy journey through the underbelly of the web, picking up trackers and malware at every step and then you are asked to share the post so your friends can get a voucher too…except nobody ever receives the reward. So stop it at the start and never click on these scam offers.
Check your permissions with games and quizzes
Whenever you access a new game or quiz, you’ll need to give it permissions to access your Facebook profile. Most people click the okay button without any thought, but if you review the permissions you are giving, you will often find they are asking for a massive amount of unneeded personal data; this data can include your public profile, friend list, email address, birthday and newsfeed. Do they really need access to ALL this information? Sometimes the shakedown is from necessity, but sometimes the apps are preparing to launch attacks against you both on and off Facebook. For example, when you call your financial institution bank they ask certain questions like your full name, birthday and maybe which high school you went to. All that information is in your Facebook profile and now shared with your permission to an unknown entity.
Don’t friend people you don’t know
Having lots of friends is always nice, but that friend accept may end up costing you. It might be someone pretending to know you, or a picture of a pretty girl to entice men (and vice versa). Once you friend them, they will get access to everything your friends can see. In this case, it’s more than the risk of someone knowing your personal data, you’ve just given them access to intimate details of your life. It’s exactly how romance scams start, and there are even cases where the victim finds photos of their children circulating the internet.
If it is weird, forget it
It doesn’t happen very often, but hackers find ways to take advantage of flaws in Facebook. A common hack that keeps popping up in various forms is to embed malware in a link. The virus then infects your machine and contacts all your friends with an enticing message, like asking whether a picture is of them. When they click to view the picture, the virus catches them and their friend list, and keeps on spreading. Facebook is pretty good at staying on top of these flaws, but they need time to fix it. Just like if you got a weird email with an attachment from a friend, use that same level of scrutiny in your Facebook and don’t open messages or links that seem out of place.
Need help securing your privacy? Talk to us. Call us at 08 8326 4364 or via email at email@example.com
Ransomware and most malware attacks start in two main ways. A booby-trapped email with a malicious attachment or via a compromised website; which then work their way down to your endpoints and servers.To stop these attacks, it is critical that you have a multi layered approach to security.
This starts with a training your employees and patching your devices right through to cloud based malware filters, dedicated hardware firewalls and corporate grade security applications on each device.
The eleven best security practices to apply now are:
- Employee training
Regular training for employees is essential. Employers need to inform their staff on what to look out for and don’t trust the contents of every email they receive.
- Patch early, patch often
The sooner you patch Windows the fewer holes there are for ransomware to exploit.
Backup regularly and keep a recent backup copy off-line and off-site. Offline and off-site means ransomware can’t get to it. With recent backups data loss can be minimized.
- Implement corporate grade security software
A free antivirus program might be ok for home use but do you really want a free program protecting your confidential business data and financial information?
- Install a firewall or UTM
You probably don’t just rely on a cheap door lock on the front door of your house so why rely on a basic firewall on the electronic entrance to your business?
- Enable cloud based email filtering
Don’t rely on your local antivirus software detecting and stopping malware within your email application. Block it before it even enters your network by using using a cloud based filter – one that uses multiple filters is even better.
- Enable file extensions.
Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you.
- Disable Macros
Don’t enable macros in document attachments received via email. A lot of infections rely on persuading you to turn macros on, so don’t do it!
- Be cautious about unsolicited attachments
If you aren’t sure – don’t open it. Check with the sender if possible.
- Admin Login Rights
Don’t have more login power than you need. Having administrator rights may bake things easier for administration but they also give malware free ranges on your computer and network. An infection which may be able to be contained to one device could become a network disaster is the malware exploits admin rights.
- Keep applications up to date.
Stay up-to-date with new security features in your business applications
For example Office 2016 now includes a control called “Block macros from running in Office files from the internet”.