Malware. We’ve all heard of it. It’s been headline news. The US Dept. of Homeland Security issues daily threat alerts. Software companies and device manufacturers scramble to patch discovered exploits. Many of us have had friends, family or colleagues who have been infected.
Malware. Malicious software. We know it’s bad.
When it comes to malware threats, there are no sacred cows. Not little old ladies. Not Pope Francis. Anything and everything is fair game for infection and has most likely been compromised at some point in time. In addition to the usual slate of victims such as financial institutions, government agencies, media websites, retail outlets and nuclear power plants (really!), some telling examples include hospitals, schools, senior citizens and churches.
The reality is, none of us are safe. In an increasingly internet-connected world, malware—designed to hack, steal, extort, hijack, destroy, spy, deny, expose or scare—is the bitter pill we must choke down if we want to continue connecting to all that internet goodness.
Malware – Not Just From Criminals
In my role as a technologist providing IT Managed Services to our partner-clients, I often get asked “Why do people create malware?” Great question. While I’m not qualified to expound upon the infinite possible motivations which can be derived from the human psyche, I think greed would be the number one motivator.
Malware is big business for organized crime. Ransomware, a malware variant designed to encrypt your data so it can be held for ransom, has become such a lucrative business model, it’s now being offered as a service to inexperienced would-be cybercriminals. This trend is highlighted in the McAfee Labs 2016 Threats Prediction Report, and is succinctly summarized in a McAfee blog post:
“The cybercrime-as-a-service ecosystem discovers, mutates, and sells these advanced capabilities and support infrastructure to all comers, including the least sophisticated malicious actors, on the burgeoning dark web.”
Check out this great blog post on smartfile.com by Victoria Shaw titled Ransomeware: Are you prepared? in which I was quoted about our first ransomware experience with a new partner-client.
While money is undeniably a big motivating factor–being the root of all evil, and all–I would also add to this list two additional motivators (other than boredom and because they can): security and espionage. The criminal element is not the only one intent on developing and distributing malware. Malware vectors are now part and parcel of every cyber-spy’s tool chest. Government agencies and nation states use malware to monitor citizens, spy on each other, carry out counter-terrorism measures, and catch child pornographers.
What Can We Do?
I’m not here to judge the legitimacy of government-sanctioned malware development and its usage, preach to the choir that malware is bad, or write that malware isn’t the problem (people are the problem). I’m just pointing out that as long as there are people and technology–along with all the other human-generated ills of the world–there will always be malware (and kooky kat sites).
My job mission is to help. Not only our partner-clients, but anyone and everyone, so they can learn how to keep their data, identities, and privacy safe and secure.
The thing is, however, cybersecurity tips proliferate across the internet. Even the most novice of Googlers will be able to find things like:
- Always keep your operating system and software updated.
- Always use security software and keep it updated.
- Never click on email attachments from unknown senders (or, sometimes, from known senders’ hacked accounts).
- Beware of social engineering scams.
- Never use public hotspots to connect to online banking or other sensitive data unless using a Virtual Private Network (VPN).
- Always use strong passwords.
- Never use the same password for multiple sites.
- Never share your passwords.
- Never store your passwords insecurely (Word document, post-it notes–paper or digital).
- Always store your passwords securely with encryption using a password safe.
- Never plug a flash drive into a public photo kiosk. Most are rife with infections.
- Always enable two-factor authentication to sensitive online data and email.
The list goes on. I will expand on most of these in future posts.
Any IT company worth its salt will give you many of the same tips. But the best advice in the world is only as good as the intent and effort used to put it into action.
More Important Than Tips On Malware Safety
You may have noticed the above list contains fairly strong verbiage: Always! Beware! Never! It’s for good reason. I can’t stress enough that a lapse in basic cyber-safety can be catastrophic. A set-it-forget-it mentality is guaranteed to eventually fail. Way more important than any advice about updating software or not using “1234” as your password is the practice and attention put toward the mindfulness, diligence, consistency and education needed to make cyber-safety a habit:
Mindfulness
Pay attention to what you’re doing, where you’re clicking and where you are going. Don’t be click-crazy. Fraudulent emails and internet click-bait are often socially engineered to hook you. Be mindful.
Diligence
Be diligent. Don’t be lax. Password security is a necessity. Renew your internet security software subscription before it expires. Use online photo services only, never your local pharmacy or copy/print store’s public photo kiosk.
Consistency
Rinse and repeat, over and over and over again.
Education
Cyberthreats are frequently designed around social engineering, and are constantly evolving. To protect against increasingly sophisticated attacks, you need to educate yourself. Subscribe to SMB-oriented security blogs (like this one) or newsletters. Leverage your favorite search engine. Speak to your IT partner (send us a note!). In an increasingly digital world, your best defense is to stay informed.
This is not just for you. Pass the word. Speak to your staff, your family. Teach your kids good cyber-safety habits. Ask your vendors how they handle cyber-security. Everyone is vulnerable. Everyone needs to be educated.
That’s it for now. Thanks for reading.