Every business now knows how important online security has become in this increasingly digital workforce. From dangerous viruses and malware to scam emails and social engineering, there are many ways that your business can come under attack. Let us help you shore up the holes and train your users to stay safe online.
The Importance of Security
It is no exaggeration to state that security (or lack thereof) is now one of the biggest threats to New Zealand businesses.
We’re not sensationalising here. Back in 2017, 25% of New Zealand businesses reported that they were directly affected by the highly publicised NotPetya and/or WannaCry ransomware attacks, which combined caused over $14 Billion USD worth of damages worldwide.
More recently, CERT NZ reported that opportunistic scammers were leveraging the Christchurch terrorist attack to target NZ businesses and individuals by (amongst other nefarious tactics) sending phishing emails soliciting donations for the victims and families (that in reality link to fraudulent bank accounts).
The burgeoning malware industry is estimated to be worth several trillion dollars per year – so how can your business best arm itself against being its next victim?
RANSOMWARE – THE BIGGEST CYBER SECURITY RISK TO YOUR BUSINESS
The rising prevalence of ransomware globally is in no small part down to the fact that such attacks prey on fear of loss. Hackers render company data inaccessible: literally holding businesses to ransom, pending payment of bitcoins or similar cryptocurrency to a nominated (usually untraceable) account.
Raising awareness through education is crucial in lowering the risk of your employees (and consequently your business) falling victim to a ransomware attack. Teaching vigilance as well as how to recognise red flags and react appropriately, instead of haphazardly clicking unknown links or opening suspicious email attachments, is key.
Typically, ransomware comes in one of three flavours:
- A malicious download link (with a tantalising title) is served via a user’s web browser of choice, due to the hacker exploiting a vulnerability, often caused by the user not running the latest version of the browser software, or an unsafe extension
- An email (often very convincing in content and tone: sometimes even appearing to come from a genuine-looking email address) containing either a malicious attachment or a malicious download link, is received, opened and/or clicked by the user
- A bluff email, usually taking advantage of mass data leaks to scare the user into believing that the ‘hacker’ has accessed their system and gained access to their private passwords and content. A common bluff is for such emails to claim that they have incriminating evidence of visiting inappropriate websites (or even video footage captured through the built-in webcam!) which they will share with all your networks unless (you guessed it) x amount of bitcoins are deposited, or money is wired via Western Union
Once invited in by the unsuspecting user, the ransomware will normally start to encrypt data on that user’s device, and (even more alarmingly) spread to other devices on the user’s network and replicate the process.
Prevention is better than cure
Beyond educating your workforce, partnering with a reliable managed service provider such as Ohnyx will help ensure that your Windows updates are always up-to-date, and that the latest software updates are applied for third-party or niche line-of-business software.
Outdated versions of software or unapplied security patches are akin to an open invitation for ransomware, so we work hard to plug any such gaps ASAP.
Whilst it is impossible to guarantee 100% protection, use of cutting-edge antivirus programs with advanced malware detection functionality, centrally managed through our support team, allows us to stop all types of malware, including ransomware, at source more often than not, minimising the chances of your employees even being reached and tempted by a malicious link or attachment.
Even if you remain truly vigilant in educating your staff and applying the latest patches and updates, it’s still entirely possible to fall victim to ransomware. Humans are fallible, and threats are increasingly convincing and sophisticated. For example, it is becoming increasingly difficult to spot a bogus email purporting to be from a reputable source, compared to the real thing.
Ensuring adequate disaster recovery processes are in place helps you quickly recover and restore data should the worst come to the worst.
BEYOND RANSOMWARE – OTHER MALWARE – VIRUSES & PHISHING SCAMS
Whilst ransomware is very much the en vogue buzzword and undeniably the biggest risk to your business when it comes to security, threats also come in other forms, including:
Viruses – unlike ransomware, which is a means of extorting profit, a virus’s purpose is simply to destroy or render useless your data or IT systems. Whilst viruses come in many different shapes and sizes, destruction is the recurring theme. Think of viruses as nihilists or anarchists: they just want to see everything crash and burn.
Phishing Scams – Phishing doesn’t always come through email, but it’s certainly the most prevalent medium. These nasties are designed specifically to con the recipient (or website visitor) into voluntarily parting with their personal passwords and information (such as credit card numbers). Phishing scams are becoming increasingly sophisticated and difficult to spot. Emails purporting to come from Apple or Microsoft (or in some instances your boss!) use spoofed sender headers to appear completely genuine at a cursory (or even a probing) inspection.
Our approach to dealing with all malware - be it viruses, phishing or ransomware - is to do as much as we possibly can to ensure all our client systems and data are:
- Completely up to date at all times.
- Backed up to the hilt.
- Easily restorable in the event of disaster recovery.
- Protected through an industry-leading, enterprise-class antivirus and antimalware solution, running the latest signatures at all times.
We will only ever recommend and implement a fully managed, comprehensive antivirus and antimalware solution for your business that we would be happy to implement in-house on our own network.
Finally, we’ll spend time with staff to educate them about the risks and best practices for minimising the chances of falling prey to malware.
We can’t 100% guarantee that Barry from marketing won’t click that link claiming he’s a lucky winner, but we’ll do our utmost to make your organisation as difficult a target as possible, and we’ll be there to mop up quickly and efficiently, if and when someone does something silly.