Malware on the Rise: How to Protect Yourself

Share on facebook
Share on twitter
Share on linkedin
Share on email

The stay-at-home mother with a hard drive full of pictures.

The author with a hard drive full of stories.

The laboratory technician in charge of electronically processing and storing test results.

The CEO who saves company sensitive information on his computer.The retail shop that installed new Point-of-Sale (POS) software on their computer.

What do these unlikely candidates all have in common? Whether it was via a website they visited, an email attachment they opened, a link they clicked on, or poor software configuration—one way or another, they have all fallen victim to malware.

For almost as long as computers and networks have been in use, malware has existed attempting to compromise, sabotage and damage these systems. In the beginning, viruses and worms spread through infected floppy disks and security holes in server-based applications. As the technology changed, so has the methods of attack. Now malware is spread through email and files placed on websites as a common way to trick users into installing the malicious software on their systems. And with the rise of mobile device usage, the industry is seeing a dramatic increase in fictitious mobile apps masquerading as legitimate applications.

Studies show:

  • 390,000 malicious programs are registered every day by AV-Test Institute
  • According to the Department of Justice, in the US alone, 2,500 cases of ransomware were reported to the Internet Crime Complaint Center in 2015, costing victims over $24 million
  • Lastline Labs reported that the average number of evasion techniques used per malware sample is 10
  • According to Webroot, 15% of new files are malicious executables
  • Proofpoint research shows that there was a 600%+ increase in attachment-based vs. URL delivered malware attacks from mid-2014 to 2015

What can you do to protect yourself from this growing threat?

The statistics are all too real and a definite cause for concern. When faced with the grim facts, end users are often afraid to perform many of the activities they are so used to doing on the web. But, with proper education and smart decisions, the Internet can be a safe and useful place to visit without having to worry about what is lurking around the corner. In utilizing the following best practices, you will not only protect yourself and your data from hackers and viruses, but also keep your computer running more smoothly and reliably.

Passwords. Your username and password are your virtual identity, and should be treated with care. Password protect all your devices. Don’t share your passwords and avoid writing them down. Use passwords that can’t be easily guessed. Avoid using real words or personal information like names of family members, pets, birthdays, hobbies, etc. A strong password should be at least 8 characters in length and contain a mixture of upper and lower case letters, numbers, and symbols.

Limit personal content on social media. Online criminals use social media information to tease out security question answers and other information that can be used for identity theft. Make sure you know who can access your social media profile. Limit what information is available and verify that your security settings are stringent to avoid unwanted access.

Secure laptop computers and mobile devices at all times. Phones and laptops get stolen from cars, houses, and offices all the time. Whether in your office, coffee shop, airport, etc., lock them up or carry them with you. Before leaving your devices unattended, be sure to lock them or log yourself off, and configure them to require a secure password to start or wake-up.

Use a firewall and anti-virus software. Firewalls and anti-virus are absolutely essential if you want to remain secure. Luckily, most modern operating systems come with a firewall built in, and there are 3rd party firewalls you can use as well. However, you’ll need to find an anti-virus to use since most operating systems don’t come with one. There are plenty of good anti-virus programs to choose from, some free and some that cost, just be sure to do some research on the anti-virus program before you install it.

Keep your devices updated. In order to stay secure, you need to keep everything updated. The reason for this is because most updates to programs will be updates to its security. This is especially important for your web browser, firewall, anti-virus and operating system, but it is also a good idea for other programs you use, especially if they impact your security in anyway.

Don’t install or download unknown programs/apps. Software and apps masquerading as a legitimate offering can harbor behind-the-scenes viruses or open a “back door” giving others access to your devices without your knowledge. Often times, scammers are creating fictitious apps that look identical to what you’re looking for. A recent example of this is when scammers scrambled to get infected versions of Pokémon Go into the app stores for download. You should always closely inspect the publisher, the number of downloads, and other data for signs of fraud before installing.

Never access private information over free Wi-Fi. Free Wi-Fi can be incredibly handy, but it can also be very dangerous if you don’t watch what you’re doing. Since anyone can connect to free Wi-Fi, this can include computer hackers who have the ability to easily intercept the information you send over a wireless network. This is why it’s important to never access important information such as bank or email accounts when using free Wi-Fi. Auto-connecting to unknown networks could also put your device and data at risk. Check your wireless preferences/settings on mobile devices to ensure you aren’t set up to auto-connect to any wireless network they detect.

Backup your data and securely store it. Backing up your data is not necessarily a way of keeping your computer safe, but it is a way of keeping your data safe. Recent malware, called ransomware, infects user’s machines by encrypting all the documents stored there and then demanding a ransom for the decryption key. The only way to restore hours of work or precious baby photos is to either pay the ransom—and hope they send the keys to you—or restore the data from a backup. Often times it’s a lose/lose situation for the end user or company who becomes infected with this malware.

Beware of scams. Scams come in various forms, but regardless of the method, you need to be careful who you share your private information with. Here are some basic principles to follow:

  • Don’t send restricted data via email, text or instant message (IM). These are not generally secure methods of communication.
  • Only click on links from trusted sources. Never click on an unfamiliar link unless you have a way to independently verify that it is safe. This includes tiny URLs and any link where you can’t tell where it will take you.
  • Only use trusted, secure web pages when entering personal or sensitive information online. Don’t log in to websites or online applications unless the login page is secure, meaning the URL starts with “https,” instead of “http.”
  • Don’t open attachments sent via email from someone you do not know. If you receive an attachment from someone you know well, ask the person if they did in fact send you something to view.
  • Phone scams are becoming more common. They involve receiving a phone call from someone pretending to be from Google, Microsoft, or another large company telling you that your computer is infected. Other variations include someone pretending to be from the IRS and threatening you with a judgment for tax fraud. Companies like these will never call you out of the blue and do this. If you do receive a call like this say “No thanks” and hang up.

Practicing safe computer habits will go a long way to protecting your data. Contact us today for more information on how M.A. Polce Consulting can help train your end users in safe computing practices.

Share with Your Network

Share on facebook
Share on twitter
Share on linkedin
Share on email

Get M.A. Polce's IT & Cybersecurity Insights Delivered Directly to Your Inbox.

Subscribe to receive weekly digest emails so you never miss a beat.

vCISO – virtual Chief Information Security Officer