Discover 10 easy ways to prevent malware
What is malware?
Malicious software that is designed to harm and exploit any programable device, service, or network. Malware can steal, encrypt, and delete data as well as alter and hijack core computer functions. It also spies on your computer activity without your knowledge and permission. Cybercriminals use malware to extract your data so they can leverage this for financial gain. The data they breach can range from financial data to healthcare records. This also includes personal emails and passwords. They use your email and passwords to get into your accounts and records. Malware can be compared to the human flu. It enters your body unknowingly and interferes with a normally functioning system. In addition to stealing sensitive information, malware will gradually slow down your computer.
Common forms of malware and what they do:
- Virus: copies itself and infects your computer
- Worm: copies itself to other computers using a network
- Spyware: collects information from users without their knowledge
- Adware: automatically plays and downloads advertisements
- Trojan horse: destructive program designed to be an application but ultimately harms and steals information once installed
What is ransomware?
A form of malware that is designed to encrypt files on a device in return for a desired form of payment. Malware renders files and their systems, making them unusable to you. Cybercriminals are also known as bad actors are responsible for such attacks. They take your data and threaten to sell or leak it if the desired ransom is not paid. Ransomware incidents have become more frequent and are continuing to rise. Malicious actors will continue to adjust and evolve their attacks. The cybersecurity and infrastructure security agency are constantly tracking and updating their attacks. For information, visit: https://www.cisa.gov/ransomware
How do cybercriminals do it?
Bad actors have a variety of techniques to pull off their attacks. Phishing is a major tactic they use. This is done by attachments sent through email. That’s why it’s incredibly important to know what you are clicking on. Many people believe the email contains a file that they can trust. Once downloaded and opened, bad actors can take over their victim’s computer. This can grant them administrative access. They also use a variety of social engineering tactics. This includes calling and posing as a real business. They try and gain access into your computer and then can steal your information.
Who gets targeted by ransomware?
Potential targets are organizations that have smaller security teams. Cybercriminals also target users who share a lot of files as it represents an easier opportunity to penetrate. Some universities fit into that description. Organizations that are more likely to pay a ransom are also high-value targets. This includes governmental agencies and medical facilities due to their need for immediate access to files. Law firms are also a high-value target due to the nature of sensitive data involved. Law firms can’t have their data leaked so they are more willing to pay if they lose access to their data.
Follow these 10 easy steps to prevent malware
1. Update your operating system, browser, and plugins
-Don’t delay computer updates. Too often, users wait to perform updates until it’s too late. Updates exist to perform the necessary security updates. Neglecting computer updates allow cybercriminals an easier way into your computer.
2. Enable click to play plugins
– Malvertising or malicious ads are run without needing to be clicked on. They live on websites and run without your knowledge. Enabling click-to-play plugins protects you from these harmful ads. Malvertising relies on the lack of click-to-play plugins.
3. Remove any software that you don’t use
– Having older software that you don’t use leaves you open to attacks. Especially if this is unsupported software such as Windows XP or Windows 7. This includes other legacy software such as Adobe Reader and older media player software.
4. Read emails with an eagle eye
– Phishing is a tactic that cybercriminals use to lure victims into clicking unsafe links in emails. A lot of people don’t pay attention to the nature of the email and become a victim. It’s important to check the sender’s address, the subject line, and structure of the email. A suspicious structure should be avoided.
5. Avoid calling fake tech support numbers
– Hackers will often call as fake tech support trying to offer malware prevention. A real security company would never contact you saying that your computer is infected. If you get a call like this from a 1-800 number, you know something is wrong. If you are unsure, always ask who the person is calling from and a call back number. This allows you to research and see if something is suspicious.
6. Don’t believe cold callers
– Be aware if a cold call claims to be from Microsoft. Another common topic from a scam call is a credit card or insurance information. Don’t ever give out your personal information. If you are concerned, always ask questions and research where the company is calling from. If they are trying to pose as a real company, you can call the company directly to report suspicious activity.
7. Use strong passwords
– It’s important to create a strong unique password. Change it often and don’t use personal information that is written into the password. Avoid things such as your name and birthday. Password managers are very helpful tools as they collect, remember, and encrypt passwords on your computer.
8. Have a secure connection
– To the left of the URL, there should always be a proper padlock icon. This is a little icon that looks like a lock for a locker or bike lock. This means that information that is passed between websites remains private. Also, the URL should be “HTTPS” and not read “HTTP”.
9. Log off when you are done
– Remaining logged into something after your done leaves you wide open to cybercriminal attacks. This is especially the case when using a public computer. Closing the browser or window alone doesn’t secure your protection. An experienced criminal can use cookies to sin back as you. Simply logging out of your account will ensure additional safety.
10. Use firewall, anti-malware, anti-ransomware, and anti-exploit technology
– Firewall detects and blocks many known hacking attempts. This provides multiple layers of protection from things such as unknown agents, malware, and ransomware attacks. You wouldn’t leave your doors and windows unlocked when you leave your house right? The same goes for firewalls on your computer. Have them on so it can help protect your computer whether it’s on or not.
Source: https://blog.malwarebytes.com/
Kaseya ransomware attacks:
Cybercriminals hacked information technology firm Kaseya and deployed ransomware across 2,000 organizations worldwide. The hacking group responsible demanded a payment of $70 million or they will not return the stolen data.
Kaseya is a managed service provider based in Florida with headquarters in Dublin, Ireland. Their systems are used by companies who outsource their IT instead of having their own tech department. Kaseya releases updates to increase security measures for their clients. The hacking group took control of these updates and installed malicious software. This is one of the biggest ransomware attacks in history.
The hackers exploited vulnerable VSA servers. Kaseya VSA is a piece of software used for remote network management. This software is used by many managed service providers who are Kaseya customers. This attack forced many businesses to shut down leaving them unable to operate and recover their files.
Source: https://www.zdnet.com/
What IGTech365 can do for your organization
As a managed service provider, IGTech365 maintains and monitors your network. This helps detect and prevent issues before they arise. This helps reduce expensive breakdowns as well as employee downtime. Located in Tampa, FL, we service many small to medium-sized businesses in the central and west-central Florida area.
Get a quote today at no cost: https://igtech365.com/contact/
Also, as a Microsoft partner, we can implement the Office 365 business suite. Boost productivity across the entire organization with the number 1 business suite. Office 365 allows you to work from anywhere on any device in real-time. Also, with Microsoft Teams, you can eliminate phone service costs by having Teams as your primary phone service. In addition, Teams integrates all the Microsoft apps you need in one convenient place. This allows you to share and work with Excel, Word, and PowerPoint as you meet live with your team.
Activate a 30-day trial today.