Three best practices to protect your data.

While malware and phishing attacks have evolved over time and are constantly becoming more and more sophisticated, there are ways to protect your data from them. Here are two best practices to observe no matter the size of IT infrastructure needed in your company or organization to follow that can help safeguard your business.

Install a strong firewall
A firewall can help prevent unauthorized access to your network by monitoring access attempts and allowing or rejecting them. Firewalls are flexible in the sense that you can choose how stringent or lenient you want it to be in terms of limiting access. There are different kinds of firewalls, each serving a particular purpose and offering different protection levels. An MSP with deep experience with these technologies, as well as your specific industry, can be an excellent resource. Firewalls basically work to block unauthorized traffic to your network based on various factors including IP address, location and any other custom parameters that you may choose. Without a firewall, your network is essentially open, exposed to any one on the web, which puts you at serious risk.

Invest in antivirus software

Antivirus software programs identify viruses and other malicious attachments that cybercriminals may use to gain entry into your system or network. Make sure you invest in a good antivirus software and update it regularly so it can protect you against newer versions of malware that crop up with time. Be wary of consumer grade programs.

Train your staff

Train your staff to identify and steer clear of phishing emails, links and messages. All the protection in the world is no defense if your staff opens a phishing email and clicks ona malicious link. It is game over right then. Employees tend to assume you are the one responsible for maintaining data security. They often don’t realize they also play a role. Educate them on password hygiene, safe web surfing, and basic IT best practices even when using their own devices. You can provide training in-person and conduct mock drills and IT workshops. Also, consider sending regular emails on these topics so your staff remains alert. Security training isn't a one-off project. Also update your staff on any new vulnerabilities discovered and if there are any security updates or patches released for them in the market, then be sure to apply them immediately.

Ransomware vs. other malware attacks

There is no end to the volume and type of malware out there in cyberspace. For a very long time, organizations were aware that viruses could attack their data, render it corrupted and unusable. They were also aware that malware was used to steal data and use it for–primarily–monetary gain. Sell off banks of credit card numbers, steal identities, re-sell Social Security numbers, etc.

Phishing, as we talked about in an earlier blog, is a set of tricks to get access to personal information and probably even to your IT network by stealing access credentials, but that’s not the only way. Cybercriminals also deploy various malware such as viruses, worms and trojan horses to attack IT networks. These malware usually gain entry into the system disguised as genuine email attachments, links to file downloads, etc. and then corrupt the data. If it is a case of a virus whose sole intent is criminal mischief, your surest protection are consistent and frequent backups. In the case of malware whose goal is theft, you need to have the technical expertise to maintain the security firewalls, anti-virus software, and knowledge of the field of cyber crime to protect your organization. Ransomware is a newer threat that requires additional knowledge in order to ensure that backups are clean in case of an attack. Ransomware, as the name suggests, is a kind of malware attack that goes beyond data corruption where the cybercriminals hold the data hostage and demand a ransom from the business for restoring data access. Backups can also be infected with a ransomware virus, leaving you completely vulnerable to ransom charges if you want your data back.

The point here is that cybersecurity is a specialized field. It is a lot more than buying a consumer grade anti-virus application. In general, in small- and medium-sized organizations, in-house tech staff may not have the depth of experience and/or the time to keep up with the latest issues and threats in cybercrime, necessary to design and maintain a well-defended IT infrastructure. In the area of cyber security,

It makes sense in such a scenario to bring an experienced Managed Services Provider (MSP) on board who can help you with data security, training and general up-keep and maintenance of your IT infrastructure.

Everyone wants to go phishing.

You are very much aware that your company or organization is at risk, every minute of the day, from cyberattacks, malware, ransomware, and even benign errors that can put your data at risk. Even a failed backup procedure could mean a loss of critical company and customer data. In today’s blog we’re just going to review one of the most common methods that bad actors use to try to gain access to your data. Phishing. Phishing isn’t a particular type of malware or virus that attacks your data. Instead, it refers to the tools cyber criminals use to get access to your data. Phishing refers generally to the bag of tricks they use to break into your house.

In phishing attacks, cybercriminals generally send a web link that is disguised to look genuine, and prompt the receiver to share information that will then be misused. For example, an email may be sent to you that looks as though it came from your bank or the IRS announcing a tax refund that your business is eligible to receive. You may be asked to log into your bank account or a fake IRS site and enter your bank details to receive the refund or download a receipt. The cybercriminals will have access to any details you share and later use it to clear out your bank account.

Phishing links may also lead to clone websites. Clone websites, as the name suggests, are websites that look strikingly similar to original websites, but are obviously not the same and are controlled by cybercriminals and used to steal data from unsuspecting victims. Here are a few tips to help you identify clone websites and steer clear of them.

If you receive an email with a link to a familiar website asking you to log into the site or enter your personal information, cross check the URL. Check the spelling and domain, for example, www.amazon.com is the right URL, whereas a clone website may have an URL that looks similar but is not the same. An example would be www.amaazon.com or www.amazon-offer.com Another thing you can do is, always type the URL you intend to visit. For example, if you are being asked to log into your bank account, type your bank’s website address instead of clicking on the link they provided to you in the email.

Sometimes, phishing attacks can be manual as well, meaning, instead of asking you to enter your personal information in a website or a form, the cybercriminal may pose as someone you know and send you an email from an email address that looks authentic and try to get money or personal information from you. Such attacks usually happen if your network or that of your recipient’s has been compromised in a hacking attack, whereby the cybercriminal has some information that they can use to make their messaging sound genuine.