Theodore “The Wisdom Man” Henderson
Best Selling Author, Certified Social Media Security Professional, Leadership Authority
“30 Smart Ways to Protect Yourself from Cyber Criminals” [Kindle Edition]
We are seeing what appear to be several new cyber security trends that are in fact not new at all. Actually what is really happening is that malware-infected office productivity files are trending upward once again. If this sounds familiar it is because, some malware threats from before 2000 were packaged as office productivity macros and their malware relatives are still around today. The current appearance of this malware may be new, but hackers are smart people who know, “if it ain’t broke don’t fix it”, and as such they tend to use very old, yet tried and tested, means of exploiting systems. To counteract these attacks your environment must remain alert, you should be disabling macros, mandating the regular use of strong passwords and practices, and of course having, but also following, your information security policies which can obstruct many cyber threats.
Of course hackers know this and are always looking for creative ways to bundle and distribute their malware, whether by persuading targets to click on a link they shouldn’t or by providing sensitive information over the phone without validating who the caller really is. Email phishing scams work in a similar way as they also function by tricking the target or “rewarding” them into clicking. These days, malware developers (yes this is a real job) are closely monitoring the trends of the software and the services that people are using and exploiting that interest.
You may be thinking this method is much too difficult to implement but guess again. Have you noticed the rise in “try it for free” or “free trial” cloud storage and other online services? Businesses need to be especially suspicious of technology offerings that seem to offer time saving approaches, which are, in reality, risks to their security and otherwise known as “to good to be true”. Sometimes employees, who think they are getting a great deal, will save documents to the cloud using these no cost services, but in doing so usually end up completely bypassing their corporation’s information security policies and procedures which is precisely what the hacker wants. Additionally, applications for file sharing and cloud storage are also often preloaded on appliances or computers, making their use very attractive to individuals who want to access work documents from their smartphones, mobile devices, and desktop workstations.
Once a service becomes prevalent, it can become an effective tool to spread malware particularly if it is easy to use. Within these systems, hackers may insert documents and create links that look more genuine than the malware of the not too distant past might have. Lets face it, people are more likely to click a link if they believe they are opening a document hosted by a known, popular cloud service that is familiar.
Companies should be learning from these repeat threats that a cyber security policy isn’t static but dynamic. The objective is to have solid information security procedures that are evolving to meet the threats presented. Know what your systems are. Know the location of your data and where it is headed. Know how your data is defended and identify potential flaws. It’s also important to remember that identifying exposures should be an ongoing practice. For example, you should consistently evaluate traffic to and from your web applications. If your application is suddenly sending massive amounts of data to IP addresses in Eastern Europe or Asia, and your system does not normally do that, this should be a red alert. If you are a small organization that outsources some of your information security, make sure you have access to firewall and traffic reports. Consider also about how your employees use company information access and systems. If an employee doesn’t need administrative rights to install software for his or her job responsibilities, then don’t give it to them. You might also consider disabling the use of removable drives and devices for employees that do not need to use them in their job capacity. These defensive approaches may sound granular but they are certainly less onerous than a significant data breach and cyber attack.
* This post is an excerpt from a forthcoming full length document discussing crypto lockers, ransom ware, sources of network threats, IT department preparation for cyber threats, risk awareness, data protection, and data privacy programs. Contact us here for access to your full copy of Vigilance is The Key to Your Cyber Security Strategy.
For more information on these and other tips see the e-book “30 Smart Ways to Protect Yourself from Cyber Criminals”: Kindle Store http://amzn.to/1jdcwog
I may be reached at firstname.lastname@example.org for information on consultations and training. Follow me on Twitter @TheoHenderson.
About Theodore Henderson
Theodore Henderson is an Amazon best selling author, Certified Social Media Security Professional Powered by CompTIA, and a Certified Leadership Coach. He is the author of the Security eBook 30 Smart Ways to Protect Yourself from Cyber Criminals aimed at owners of Smartphones, Mobile Devices, and also those who have significant online activities including Social Media, financial services, etc. In addition he authored the eBook “9 Simple Strategies to Becoming A Strong Leader.” He is available for keynotes, seminars, and workshops. He may be reached through www.SocialMediaSecurityTraining.com.