In many of our past articles, we emphasized the need for Small-to-Medium Size Businesses (SMBs) to take security more seriously. As you’re reading this, there is a cyber-criminal somewhere in the world creating a new piece of malware, virus, or devising a social engineering plot. Cyberspace is a dangerous place but one that all businesses must navigate.
As the recent security alert issued by Microsoft shows, Email is still one of the easiest ways to spread malware. Think about it. EVERY business uses email and the most popular email system is Microsoft Outlook. Microsoft’s alert goes on to say that a vulnerability in MS Word allows hackers to gain control of your PC without it being necessary for the user to click a link. In other words, just opening or previewing the compromised email will cause the malware payload to be delivered, opening the system to hackers. Scary!
Here’s how to protect yourself:
- Use an updated and supported Operating System. Microsoft is ending support for Windows XP and Office 2003. Unfortunately, the newly discovered exploit mentioned above uses MS Word to spread its malware. After April 8, 2014, Office 2003 and Windows XP will no longer receive security updates.
- If you insist on using Windows XP, follow #5 below and don’t use Internet Explorer (IE) to surf the net. After April 8th, IE’s vulnerabilities will not be fixed when support ends on XP machines.
- Keep your anti-virus and anti-malware programs up-to-date.
- Make sure your PC is fully patched and Microsoft updates applied. This is crucial.
- Until Microsoft comes out with a permanent fix to the latest threat, configure Outlook to read emails in plain text.
- If you receive an MS Word or RTF file from someone, scan it first with BOTH anti-virus and anti-malware programs BEFORE opening it.
- Never disable the User Account Control (UAC) on your Windows Vista, 7, or 8 PC and heed its warnings.
- Even though the newest threat can deliver its payload without actually clicking on a link, be extra cautious about opening emails from unknown people and certainly don’t click on any links within the email. Better yet, delete suspicious emails from your Inbox and Deleted folders.
- Never respond to email requests for passwords, or personal and financial information.
- Never send sensitive information such as credit card and bank account numbers via email.
- Use strong passwords for all systems and never use the same one for multiple applications. Hackers have sophisticated software that can crack passwords in minutes. Passwords should be at least 8 characters long and include capitals, lower case, numbers, and special characters. The longer the password with these attributes the harder it is to crack.
- Do not keep passwords, site lists, logins, etc. in a text, Word Processing document, or spreadsheet on your computer. Use a Password Manager such as Keepass with an ultra-secure password (see #11 above). Just don’t forget the password to Keepass or you’ll never access the file again.
- Always use a secure wireless connection. Unsecure wireless signals can be hijacked.
- Use a Managed Services Provider (MSP) like XSolutions, to monitor and maintain your servers and workstations.
As business owners and executives, it is incumbent upon us to be aware of the dangers on the internet and train our employees on how to be safe in cyberspace and in return, protect our companies.