Not so long ago, if your organization had a robust security suite that included a firewall and antivirus, you could feel reasonably secure. The antivirus vendors spent a lot of time and manpower keeping up with the software code, or “signatures,” that identified malicious code trying to enter your network. As long as your IT group kept the signatures updated according to the vendor’s recommendations, and your firewall access parameters were fairly stiff, you were doing just about all you could do–or needed to do.
We are constantly learning new ways to defend against exploits, because the exploiters never stop learning new ways to try and gain access to our resources. With the latest wave of threats, however, it is no longer safe to leave cyber security entirely up to your IT/IS team. Your office staff, and, in fact, everyone who uses a networked computer, needs to be trained on the latest wave of serious threats. Everyone who uses a networked computer will be a weak link in the chain, until they accept and internalize their role in protecting the infrastructure. That’s the bad news. The good news is that the training need not be extensive nor expensive.
One of the most prevalent new exploits is entering networks entirely invited by an email recipient. A user on your network gets an email with an attachment labeled “Order Update List for June 2016” (this is a fictitious example). The user, who normally wouldn’t receive such a document, opens the attachment out of curiosity. The attachment has a malicious payload embedded in it that –BOOM–is now on your network.
What would a criminal hope to achieve on your network? Data–lots of it–is stored on your servers. Names, birth dates, Social Security numbers, business account information, every piece of data you store has a value to you, or you wouldn’t store it. It also has value outside of your perimeters. Stolen data is a lucrative operation, and these programs may provide access to it. Alternatively, these payloads can contain an encryption program that will start encrypting the files on the computer on which it is run. It also moves out to mapped network drives and starts encrypting files on your server shares. It only takes one of these to bring your organization to a grinding halt. If your IT/IS team hasn’t been diligent on backups, and/or doesn’t know how to restore from the backups, your data is held for ransom by this crypto-malware until you pay the ransom.
As unsettling as that is, your users can be quickly trained not to open mail attachments if they don’t understand why they received them. Even expected attachments, if received out of cycle, should be considered suspect. The recipient should call the sender and ask for an explanation. Macros can be helpful in calculating financial transactions, but documents you receive from external sources should not contain macros. Ask senders to send a version of the document with only the data, not the macros. Every business is fighting the same battle against cyber criminals, and we all have to cooperate and work together.
On the sending end, your staff should not be sending documents containing macros outside of the network. If you are sending something out of cycle, be proactive in providing an explanation.
Do you need some more information on this topic? Alary Clinitech is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (416) 291-7377 or send us an email at email@example.com for more information.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.