Old-Fashioned Hacking – Malicious File Attachments
There are a few truisms floating around in security professionals’ minds. One is this: give me physical access to your device and I can break into it. Another is this: let me run a program on your computer and I can hack you and steal your data. Now, even if these truisms hold only 20%, 40%, or maybe even 50% of the time, is that a chance you want to take? Not really, right?
Never leave your device unattended, and never, ever, run something you do not trust on your computer, including, and especially, files received as email attachments. No matter how plausible it seems that a file was meant for you, always check with the sender to confirm it was intended for you. Oh, and don’t check by replying to the email that delivered the file: a hacker may intercept that reply and will always say, “Yes, that file is just for you, Pal!”
Also, are you running your workstation with administrative or root credentials? If and when you make a mistake, the consequences are much worse, because the file runs with the credentials needed to install more software quietly and unattended, with none of the “are you sure?” prompts to get in its way. Operate your computer with a non-privileged account. Yes, it is more painful on the rare occasion you need to install a printer driver, but honestly, how often is that?
Also consider signing up with CyberHoot to learn about, and implement, the best practices listed below.
CyberHoot Best Practices:
- Train your employees on the common attacks that are out there. From weak passwords and password managers, to the importance of multi-factor authentication and how to spot phishing attacks. Awareness is the key to defending your business.
- Govern your employees with cybersecurity policies, including Acceptable Use, Password, Information Handling and a Written Information Security Policy.
- Establish cybersecurity best practice processes such as a Vulnerability Alert Management Process (VAMP) and a Cybersecurity Incident Management Process (CIMP) to guide and require action in the face of an emergency. Then move on to onboarding and offboarding processes, SaaS management processes, and 3rd party risk management.
- Establish strong technical protections, including: a firewall, antivirus, anti-malware, anti-spam, multi-factor authentication on all critical accounts, and full disk encryption with carefully managed keys. Most importantly, adopt a Password Manager, train on it, and require all employees to use it.
- Test employees on how to spot and avoid phishing attacks. CyberHoot has released a disruptive method of Phish Testing that fills in gaps in your employees’ knowledge without punishing them for failure. Instead we reward them for success. More info is available here.
- Back up your data by following our 3-2-1 Backup methodology to ensure you can recover your business from a cybersecurity event.
- In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections) or prohibiting their use entirely.
- If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
- Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.
CyberHoot believes that many small to medium-sized businesses and MSPs can greatly improve their defenses, and their chances of not becoming another cyberattack victim, by following the advice above.