Drive-By Download

The most important thing for an SMB to do is to ensure all employees’ web browsers and computer operating systems are fully patched to reduce the likelihood of unwanted malicious installs.

 

Secondly, there are new Domain Name Service (DNS) services from Cisco (Umbrella) and WebRoot which check your DNS requests and block access to known malicious websites automatically.  Ask your Managed Service Provider (MSP) if they support deployment of one of these DNS solutions.

 

Thirdly, and equally important to patching is providing awareness training to your employees on how to determine if a website is safe (and many other topics).  As of July 2019, all websites should display a lock symbol which means they have registered a Secure Socket Layer (SSL) certificate. This ensures all communications between your computer and that website are securely encrypted.  These SSL registries validate a website owner’s identity before issuing an SSL certificate.  However, having an SSL certificate is not a guarantee the website hasn’t been compromised.  It could still be pushing malware down to user’s computers.  What it does allow for is a quick escalation of a compromise to the website owner based upon contact information in their certificate reducing the time they are online after compromise.

 

Finally, there are some safe search plugins available for browsers that provide reputations on websites that are returned in a Web Browser search on Google or Bing; these are called browser extensions. One example is McAfee’s safe searching tool called Web Advisor. Some of these browser extensions can be cumbersome to manage, install, and support, so use this last advice carefully. CyberHoot recommends this for power users rather than the everyday employee.