Whether you are a small-business owner or work within a larger corporation, your company is vulnerable to cyber scams, malware, and viruses. Protecting yourself and your business not only is crucial to profitability now, but also might even be crucial to the longevity of your company. Since technology changes frequently and the criminals exploiting it are technically advanced, it may feel overwhelming to even begin understanding how these malicious attacks work.
It may even seem unnecessary to understand these potential threats, but, similar to understanding how moisture negatively affects wood, if we can understand how cyber scams work, we can more easily identify and avoid them. In this article, I will attempt to explain two of the most significant threats facing any of us with internet access.
Simply put, ransomware is malicious software (malware) that locks the files on your system and then notifies you of its existence, giving you details regarding whom you can pay to unlock your files.
I observed a real-life ransomware attack and was almost in awe as I watched it lock entire folders of files at a time. Although the user who clicked on the link notified me immediately of the attack, the malware quickly spread throughout a network of files before it was eventually stopped and reversed.
It is possible to recover from ransomware, even without paying the ransom. If the proper preventative actions have been employed, the damage can be minimized or even avoided. Even though a reversal of the damage was possible in the experience I had, days of productivity were lost as the files were restored.
To understand cryptojacking, we have to first understand cryptocurrencies, the actual target of the malware. Cryptocurrencies are digital forms of payment, aka “computer money,” and bitcoin is the most commonly known.
Cryptocurrencies are not connected to the government, making their value unaffected by inflation or other government actions. Cryptocurrencies are also quite volatile, with the value of bitcoin dropping from nearly $20,000 in December 2017 to $3,200 just one year later. To increase the size of one’s digital wallet, one can “mine” the currency, meaning that he or she can perform a function that is part of the built-in regulatory process since cryptocurrency is not regulated by the government.
Cryptojacking is when cybercriminals use a network of infected systems to “mine” the currency. Mining alone is not illegal; however, when cybercriminals infect others’ systems to mine for cryptocurrency, that is quite illegal.
How do these things happen?
Most malicious software comes from infected links in emails, documents, websites, and thumb drives. As individuals who use these methods of communication, we are the best ones to stop them in their tracks.
Example of an infected email:
When presented with an email of this nature, it’s best to ask several questions before proceeding:
- Did I ask for this email?
- Do I know the sender?
- Is it necessary I click on this now?
If any answers are “no,” then there is no reason to click. It’s much more likely that it’s a virus than not.
Not all is lost
With understanding comes awareness – awareness of how easy it is to have malware infect our systems and awareness of how one malicious email attachment downloaded and opened can be the difference between working and not. Well-known antivirus company Symantec states that one in 13 web requests leads to malware.
Even systems that previously weren’t targets are now seeing a rise in malware. Symantec reports that there was an 80 percent increase in new malware on Mac computers in 2017, plus nearly 24,000 malicious mobile apps are blocked every day.
This all sounds hopeless, like the criminals are smarter than we are and we should just give up, right? I say no. In fact, I believe it’s easier – and cheaper – to be proactive and avoid these pitfalls before they happen.
This awareness isn’t meant to scare us, but to alert us to possible intruders. If we reacted to unknown entities on our computers the same way we act when a stranger approaches our house, we might find ourselves less susceptible to the threats identified previously and
What each of us can do
Step one is to secure our “home” in layers. Just like our homes may have multiple forms of protection, so should our computer systems. Anti-malware software, antivirus protection, and spam filters are all necessary security expenses that we should welcome to avoid more extensive and costlier problems. Your IT staff or a consultant should be able to guide you in the right direction of these proactive solutions.
Step two is to fully understand and train all staff on the potential threats and what we can do to avoid them. Simply put, don’t answer the door. Specifically though, here are five tips to ensure we aren’t taken advantage of by cybercriminals:
- Do not open emails or attachments from people you do not know.
- If you know the sender, but he or she sends a link or document you weren’t expecting, don’t open it. A quick phone call can verify it’s legitimate.
- Make sure your systems are up to date.
- Use complex passwords or lengthy, nonsensical passphrases; or better yet, use a password manager.
- Ask for permission instead of forgiveness. When in doubt of the message, sender, link, or attachment, ask someone if you should open or click on it. It is simply not worth it to take a chance.
Be the solution
If proper precautions are taken, most infections can be avoided. To learn more about protecting yourself from malicious software and for tools to educate staff, visit the cybersecurity sections of the Federal Trade Commission website at FTC.gov and Better Business Bureau website at BBB.org. You’ll find tips, tricks, toolkits, educational aids, examples of common cybercriminal tactics, and more.
Hire IT professionals who can speak to the threats you hear about in the news. Listen to their recommendations. Ask for help, be proactive, and train employees on these threats. Your business is worth it.
Jodi O’Toole is Director of IT and Web Development at the National Wood Flooring Association in St. Louis. She can be reached at firstname.lastname@example.org.