Cybersecurity Awareness Month – Malicious Websites

Malicious Websites are Everywhere

Traveling the Internet from website to website carries with it a certain risk of attack.  Malicious websites pop up out of no-where, or worse, trusted sites are compromised and seeded with malware to attack unsuspecting visitors.  How can you feel safe browsing the Internet then? With these practical tips from CyberHoot, we can help greatly reduce your chances of falling victim to a malicious website online.

First, be careful when visiting Internet websites to prevent clicking on a website that you mistype into your web browser.  If you accidentally type a bad address, hackers may try to steal your credentials inside typo-squatted domains.  Visiting such a website may cause you to give your login credentials to a hacker and then you’re in some serious trouble.

Even if you’re careful where you go, sometimes a legitimate website can be compromised and hosting malicious code that it will push to your computer when you visit.  The best fix to protect you here is to always patch your computer and browser. Don’t ignore that browser notice that says “restart your browser to apply much needed fixes”.  Do the same for all your applications and your operating system.  Good system hygiene is built upon regular patching of your devices.  Don’t forget your IoT devices (smart TV, security systems, fridge, or anything with an Internet connection).

Thirdly, you should consider adopting Domain Name Services that filter out malicious websites.  Free DNS protection services exist that can help protect you personally.  Businesses ought to consider paid services.  Here’s a list of highly rated services on G2.  Explaining how these DNS protections work is learned here, but suffice it to say, you won’t be visiting as many dangerous places with these solutions in place.

Beyond these measures, CyberHoot cautions you about visiting nefarious websites that might not have a business need or may commonly host attack software.  Stick to reputable websites instead of clicking willy-nilly on anything that pops up in your browser searches or advertisements.  Adware is another nuisance that can lead to problems.

With CyberHoot you can learn about far more than how to avoid malicious websites or URLs.  You will learn about password hygiene, why Password Manager matter so much, and how to spot and avoid phishing attacks.  In addition, you can hire CyberHoot vCISOs to help you implement all of the cybersecurity best practices listed below.

CyberHoot Best practices:

1. Train your employees on the common attacks that are out there.  From weak passwords and password managers, to the importance of multi-factor authentication and how to spot phishing attacks.  Awareness is the key to defending your business.
2. Govern you employees with cybersecurity policies including Acceptable Use, Password, Information Handling and a Written Information Security Policy.
3. Establish cybersecurity best practice processes such as a Vulnerability Alert Management Process (VAMP) and a Cybersecurity Incident Management Process (CIMP) to guide and require action in the face of an emergency.  Then move on onboarding and offboarding processes, SaaS management processes, and 3rd party risk management.
4. Establish strong technical protections including: a Firewall, antivirus, anti-malware, anti-spam, multi-factor authentication on all critical accounts,  Enable full disk encryption, manage the keys carefully, and most importantly, adopt, train on and require all employees to use a Password Manager.
5. Test employees on how to spot and avoid phishing attacks.  CyberHoot has released a disruptive method of Phish Testing the fills in gaps in your employees knowledge without punishing them for failure.  Instead we reward them for success.  More info is available here.
6. Backup your data by following our 3-2-1 Backup methodology to ensure you can recover your business from a cybersecurity event.
7. In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections) or prohibiting their use entirely.
8. If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
9. Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.

CyberHoot believes that for many small to medium sized businesses and MSPs, you can greatly improve your defenses and chances of not becoming another victim of cyberattack if you follow the advice above.