For a business to suffer a cyber attack is bad. For a business with an entire company branch specializing in IT security and data loss prevention to suffer a cyber attack. That is exactly what happened to DLA Piper. One of the world’s largest law firms, employing more than 4,000 attorneys in more than 40 countries. They have a wide range of branches, including: Intellectual Property, and IT Security. Nine days later, the company was still struggling to get its systems back up and running
Cyber Attacks Can Happen to Anyone!
How Can You Protect Your Business?
It is virtually impossible to run a business today that doesn’t use electronic data and record keeping in some fashion. As a result Security risks are an unfortunate but a real threat for just about every business
There are steps you can do to help protect yourself and your Website
Monitor Your Website
You can bet that even if you’re not monitoring your website, hackers are. And all the time just waiting for you or an employee to make a simple mistake
Keep your Computers up to date
One of the simplest strategies you can do is ensuring that your entire network is up to date. This means paying attention all notifications regarding updates to your operating systems, your anti virus software, web browsers and firewalls. Ignoring any of these will leave openings in your security system
Create Strong Passwords
Most all Security Experts state that you should never use the same password for all of your accounts. Once into one account, their into all your accounts. Try to create diverse passwords that combine numbers, symbols and other factors to ensure it is safe and secure. Use strong random passwords, changed often, and guarded closely
Control Access
Hackers are never to be in your networks, website, or data. But neither are some employees. Yet many businesses allow their employees to access all kinds of sensitive resources that they have no reason to access. By restricting access to key assets, like your website, you minimize the risk of a careless employee handing over the keys or opening doors they should not open
Patch those Weak Points
Many attacks on businesses are exploits of holes the hackers found before you did. And no doubt because they were looking for the holes when you were not. For most businesses most of those holes are in their websites, and mainly caused by either poor security configuration or a failure to update programs and third-party plugins
Be choosy with Plugins
One of the great things about developing a website today is that you don’t have to develop much. There are thousands of developers who offer great tools at affordable prices that can be plugged in and running in a matter of minutes. But that comes with a downside, if those plugins are not free from major vulnerabilities. Like the case of a famous SEO plugin for WordPress that is used by millions but was recently found to have a major security hole
Outsmarting the Smart Devices
Mobile Devices have become the bane of many businesses, particularly as employees use them for both personal and business tasks. But they come with risks. Especially privacy and security risks, The theft of a smartphone or tablet, or an employee who downloads malware to one of those devices, can expose valuable business information or create a backdoor for hackers
Block .EXE files in emails
A .EXE file is a file designed to execute a program of some type. Most of the programs you interact with on a daily basis, from your web browser to your video games, using .EXE files to run. But there would be very few legitimate reasons to send .EXE files via email. Configuring your gateway mail scanner to filter out .EXE files can help you avoid some of these malicious attacks
Change Your File Associations
.EXE files are not the only files that can put your computer at risk, though they’re some of the most common. But there is an entire collection of other risky file types as well. Fortunately, many of these file types can be run using a text editor like Notepad or TextEdit. And by setting your machine to run them in Notepad instead of executing their code, you can stop attacks that make use of these file types. It will just open a .txt document with their code in it, rendering it harmless. To do this for Mac's go here. For Widows, open the "Control Panel", click on “Programs”, then click on “Set your default programs”. The window that appears will list all the file types your computer recognizes and the programs associated with them
Find the following list of file extensions, and set them to open with Notepad
. JS
. JSE
. HTA
. WSC
. WS
. WSH
. WSF
. VBS
Doing this will stop 90% of the infected email attachments from running, which is how 95% of mailware infect your machines
Screen Who You Hire
Be careful on who you hire and make sure they are the kind of people that will follow your security rules, understand their role in protecting their workplace, and not engage in behavior that can put your business at risk
Cybersecurity Training for Your Employees
Your employees can be your best defense or your greatest vulnerability. “Employees are the biggest risk for firms”. Training needs to be conducted regularly, not just once a year. It also needs to be varied, both in method (such as in-person, email, blogs) and with different topics (such as passwords or visitor access) to engage your employees
Be Proactive About Malware
New malware is surfacing at the rate of 160,000 different varieties daily. If that pace continues, by the end of this year there could be more than 50 million varieties of malware. To add to the hundreds of millions already out there. Most malware consists of smart and dangerous Trojans that get smarter every day. If you’re not proactive about avoiding malware, chances are they will get in
Finally: Think Like a Hacker
Who would want to hack into your business, computer or website. What would they be looking for? Keep asking yourself that question. Look at your website like a hacker would. Look at your employees and their behavior, your email, the way you protect your information and what kind of information it is. The view from outside is always different than from the inside
Department of Homeland Security
Direct quote from their web site
https://www.dhs.gov/how-do-i/protect-myself-cyber-attacks
The following preventative strategies are intended to help our public and private partners pro-actively look for emails attempting to deceive users into "clicking the link" or opening attachments to seemingly real websites:
- Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on
- Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them
- Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number. Just because they may have some of your information does not mean they are legitimate!
Other practical tips to protect yourself from cyber-attacks:
- Set secure passwords and don't share them with anyone. Avoid using common words, phrases, or personal information and update regularly
- Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies
- Verify the authenticity of requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email, you can independently contact the company directly to verify this request
- Pay close attention to website URLs. Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users
- For e-Mail, turn off the option to automatically download attachments
- Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be
Learn More about Cyber Attacks
> Advice about common security issues for non-technical computer users
> Information about current security issues, vulnerabilities, and exploits
> Weekly Summary of New Vulnerabilities
> OnGuardOnline.gov
Related Posts
Should you use a VPN when traveling?
How to outsmart your smart device
Is your mobile transaction secure?
How to create a good password
Surfing the web - safely
Risks of using a public Wi-fi
Comments, questions or leave a reply
Contact Us Anytime
Message Sent
Error
Sorry there was an error sending your form
COMMENTS
Thomas R
This is very beautiful post for the small business
Tweet Share Pin Tumble Email
