CAN I CLICK ON THIS?
Just this week a new ransomeware attack rolled out internationally called Petya. Similar to WannaCry, this attack used an operating system vulnerability to encrypt user data, then charge a ransom with the promise to unencrypt their data once payment is received. As always, CTSi’s Managed Services Customers receive the latest updates and patches to keep their systems safe, but that doesn’t protect from decisions your staff might make to invite more threats of these kinds onto their systems.
We’ve asked our Director of Managed Services, Jon Helman to join us for another edition of Ask a Technician to provide important guidance in mitigating the potential of user-initiated attacks on your company’s systems. This week we ask, “Is this email safe? Can I click on this?”
Jon, how real is the threat to computers from emails, attachments, links, and websites we visit?
Attackers hunt for data they can exploit. Sometimes the best way to hunt is to lure users out and trick them to unknowingly provide that data. Users expose passwords, user accounts, private documents, banking details, and even other personal contact information. It’s a real danger, and people are quick to trust what they see on their screen. It’s important to be informed and understand when these tactics are being utilized.
Why are users targeted and what are people after when they attack?
It’s easier to trick a person than a computer. And people usually have all the same access to the data that the computers do. Hackers are exploiting the most vulnerable points companies have.
What kinds of tools will help, and how are they helpful?
Spam filtering, Anti-malware, Web traffic filters, and content filtering are all helpful and are enhanced by a Unified Threat Management appliance at the edge of your network. We provide these resources for our customers, but without education, users may still take action that puts their company at risk without realizing what they are doing. We recommend training in addition to these tools.
How will training help to protect me from an attack?
Our training focuses on a number of areas. For example, we discuss:
- How to verify the legitimacy of the sender of an email.
- Recognizing unsafe login sites posing as login pages for the services you use.
- Identifying unsafe attachments.
- Address bar and URL basics to ensure you are on a safe web page.
- Best practices and policies to protect your company.
- How preventative tools work to keep you safe.
- What to do if you find yourself in the midst of an attack.
- How MSP customers benefit from the services provided by CTSi.
What is one thing I can do differently today to make my business and data more safe?
Make a commitment to be more aware of how your computer is interacting with the Internet. That includes becoming more aware of the ways you connect, the traffic coming in, what you send, where you go. This awareness will help you to understand how critical it is to be connected to the world out there, but also how vulnerable you are and how training for you and your staff with CTSi will be a vital investment into the security and future of your business.