Staying safe in a technology-driven world is difficult because things change every day. You can fall victim to cybercrime by using a charging cable or USB drive, by letting vendors or customers onto your systems, or even when purchasing devices from reputable places. No, this isn't anything new, but it's still important to be aware of the threats out there and to take steps to prevent attacks.
What is scary about these threats is that the majority of attacks are designed to occur behind the scenes, so the everyday person wouldn't suspect anything is going on once they've fallen victim. The malicious code is executed behind the scenes.
Purchase legitimate cables, chargers, and USB drives from reputable companies. In an Amazon world, you might not always want to buy the cheapest product. Take the seller and the brand into consideration: can I trust these companies? This isn't always fail-proof; for example, Best Buy (a reputable big box store) was selling infected picture frames by INSIGNIA (a well-known brand) in 2008, per Sophos. Some devices have firmware updates, and it's important to keep devices up to date on firmware to close any loopholes for hackers. Purchasing legitimate brands from reputable stores will minimize your exposure to risk.
Another old but still relevant issue is juice jacking. You plug your phone or other devices into public chargers or USB ports, and malicious code is injected (again, behind the scenes). Think of gas station skimmers: it's a similar concept (stealing your credit card info). By joining unknown public WiFi networks, you are opening your computer or mobile device's front door and saying "please come in".
Do not use random USB drives you found somewhere. If it's lying around in the building, on the street, or on your desk, do not use it! Before using a USB drive, consider the source. Did this come from someone you trust? What data is on the device that you are accessing? Again, plugging in an unknown device could inject malicious code behind the scenes!
According to the Taipei Times, at a security expo the national police's Criminal Investigation Bureau handed out 250 USB drives. Of those 250, 54 were infected with malware (XtbSeDuA.exe). It would have been a good training exercise if it had been intentional; however, the drives were infected by mistake by a contractor who transmitted the malware to the drives while testing at their facility, after his machine had been infected! Although this specific malware was an older strain and did little damage, it is a great example of why you should be leery of what you plug into your computer.
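The two paragraphs above boil down to "look at what is on the drive before you trust it". The script below is an added example for this post (not code from the original article or from Rival Technology): it walks a mounted drive and reports the things that should prompt the "where did this come from?" question, namely an autorun.inf, executables and scripts, double-extension names such as a report.pdf.exe, Windows shortcut files and dot-prefixed hidden files, and records a SHA-256 for each flagged file so it can be checked with your antivirus vendor. The sample drive is a constructed temporary directory; its file names, including the XtbSeDuA.exe name from the Taipei Times story, contain placeholder text only.

```python
# Pre-use audit of a removable drive, added as an example for this post (not
# code from the original article or from Rival Technology). The sample drive
# is a constructed temporary directory; its file names, including the
# XtbSeDuA.exe name from the Taipei Times story, are created here for the demo.
import hashlib
import shutil
import tempfile
from pathlib import Path

# Extensions that run code when double-clicked, and document types that a
# double extension such as "report.pdf.exe" tries to impersonate.
EXECUTABLE = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs",
              ".js", ".jar", ".hta", ".msi"}
DOCUMENT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def sha256_of(path):
    """Hash the file in chunks so large files on slow USB media are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(path):
    """Return the reasons a file deserves a second look (empty if none)."""
    suffixes = [s.lower() for s in path.suffixes]
    reasons = []
    if path.name.lower() == "autorun.inf":
        reasons.append("autorun.inf: older Windows versions launch its target automatically")
    if suffixes and suffixes[-1] in EXECUTABLE:
        reasons.append(f"executable or script ({suffixes[-1]})")
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT and suffixes[-1] in EXECUTABLE:
        reasons.append("double extension disguising an executable as a document")
    if suffixes and suffixes[-1] == ".lnk":
        reasons.append("Windows shortcut: the target may be a command, not a file")
    if path.name.startswith("."):
        reasons.append("dot-prefixed file, hidden in Linux/macOS listings")
    return reasons


def audit_drive(mount_point):
    """Walk a mounted drive; return {relative path: {"reasons": [...], "sha256": ...}}
    for every flagged file, so the hashes can be checked with your AV vendor."""
    root = Path(mount_point)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            reasons = classify(path)
            if reasons:
                findings[path.relative_to(root).as_posix()] = {
                    "reasons": reasons, "sha256": sha256_of(path)}
    return findings


def make_sample_drive():
    """Constructed stand-in for a USB stick found on a desk (placeholder contents)."""
    drive = Path(tempfile.mkdtemp(prefix="usb_demo_"))
    for rel in ("autorun.inf", "XtbSeDuA.exe", "Q3 report.pdf.exe", "Open Me.lnk",
                "Photos/holiday.jpg", "Photos/.thumbs", "notes.txt"):
        target = drive / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(f"placeholder content for {rel}\n")
    return drive


def remove_sample_drive(drive):
    """Delete the constructed sample drive again."""
    shutil.rmtree(drive)


if __name__ == "__main__":
    drive = make_sample_drive()
    try:
        for name, info in audit_drive(drive).items():
            print(f"{name}: {'; '.join(info['reasons'])} [sha256 {info['sha256'][:16]}...]")
    finally:
        remove_sample_drive(drive)
```

Run against a real mount point (for example `audit_drive("/media/usb")` or `audit_drive("E:/")`) the same function reports the flagged files and hashes; nothing is opened or executed, which is the point of looking before you click.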
From the example above, it's also important to know who you let onto your network. If you have vendors working on site, don't give them access to your internal network unless you have confirmed that they have security products installed on their devices and that their devices are not infected. Rival Technology pushes our clients to adopt a company policy of not giving internal network access without authorization from a manager or the IT department. This includes, but isn't limited to, letting them plug directly into the network, giving WiFi access, remote access, and more.
The same concept of not using an unknown device can be applied to opening emails and attachments. Don't trust every email you receive; first ask yourself a few questions. Do I know this sender? Am I expecting this attachment? Is the sender actually who it says it is? (Hover over the sender address or links to see if they match up.) If you are unsure, pick up the phone or use a different medium to contact the sender and confirm it's legitimate. Opening that Word document labelled "invoice" could be infecting your computer with ransomware through the code embedded in its macros.
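The questions in the paragraph above can be checked mechanically before anyone opens the attachment. The script below is an added example for this post (not code from the original article or from Rival Technology): it parses a raw message and flags a display name that does not match the real sender address, a Reply-To that sends answers to a different organisation, a link whose visible text shows one domain while the href opens another (the "hover over the link" test), and attachment types such as macro-enabled Word files that can run code when opened. Both messages are constructed for the demo and the domains are placeholders; the last-two-labels domain comparison is a simplification noted in the code.

```python
# Phishing triage checks, added as an example for this post (not code from the
# original article or from Rival Technology). Both messages are constructed.
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: display name claims a known supplier, but the address, Reply-To
# and the real link target all point elsewhere, and a .docm file is attached.
SUSPICIOUS_EMAIL = """\
From: "Acme Billing" <billing@mail-secure-pay.example.net>
Reply-To: collect@mailbox-example.org
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please review your invoice at <a href="http://login.acme.example-fake.org/inv">https://portal.acme.example.com/invoice</a></p>
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12
Content-Disposition: attachment; filename="invoice_4471.docm"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

# Constructed: the same supplier mailing from its own domain, no attachment.
CLEAN_EMAIL = """\
From: "Acme Billing" <billing@acme.example.com>
Content-Type: text/plain; charset="utf-8"

Your invoice is on the portal as usual.
"""

# Attachment types that can execute code when opened; confirm by phone first.
RISKY_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".exe", ".js", ".vbs", ".hta",
                    ".lnk", ".iso", ".scr", ".bat", ".cmd"}
LOOKS_LIKE_HOST = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a hostname. Assumption: good enough for the demo;
    real tooling should use the public suffix list (co.uk-style names)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage_email(raw):
    """Return a list of warnings for a raw RFC 5322 message (empty = no flags)."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []

    # "Is the sender who it says it is?" -- display name vs. the real address.
    from_name, from_addr = email.utils.parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    tokens = [t for t in re.findall(r"[a-z0-9]+", from_name.lower()) if len(t) >= 3]
    if tokens and not any(t in from_domain for t in tokens):
        warnings.append(f"display name '{from_name}' does not match sender domain '{from_domain}'")

    # Replies quietly redirected to a different organisation.
    reply_domain = email.utils.parseaddr(str(msg.get("Reply-To", "")))[1].rpartition("@")[2].lower()
    if reply_domain and registered_domain(reply_domain) != registered_domain(from_domain):
        warnings.append(f"Reply-To domain '{reply_domain}' differs from sender domain '{from_domain}'")

    # "Hover over the link": visible text vs. the href it actually opens.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        for href, text in collector.links:
            # Plain words like "click here" make no claim about a destination.
            shown = urlparse(text if "://" in text else "http://" + text).hostname if LOOKS_LIKE_HOST.fullmatch(text) else None
            real = urlparse(href).hostname
            if shown and real and registered_domain(shown) != registered_domain(real):
                warnings.append(f"link text shows '{shown}' but points to '{real}'")

    # "Am I expecting this attachment?" -- flag types that run code on open.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            warnings.append(f"attachment '{name}' ({ext}) can run code when opened")
    return warnings
```

`triage_email(SUSPICIOUS_EMAIL)` returns four warnings and `triage_email(CLEAN_EMAIL)` returns none. A warning is a prompt to pick up the phone, as the paragraph says, not proof of phishing: legitimate senders do use third-party mailing domains, so the checks are there to decide which messages deserve the call.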
All of the above notes are good for user training. Every day more "bad guys" are creating new malicious code and finding new vulnerabilities, so it's important to have educated users to prevent the majority of attacks. However, it's also important to make sure that your devices are protected, and that's where your IT department comes in.
The first step to staying secure is to make sure that devices are patched and firmware is updated on a regular basis. It's amazing how many companies don't make this a priority, even big hospitals (as we have seen with the ransomware attacks). For our managed clients, we push patch updates on a weekly basis. Ask your IT department or IT company how often your devices are patched.
The second step to staying secure is to make sure you have good security products in place and configured. We love Sophos products; they seem to be one of the top products for catching and stopping most attacks in their tracks. Servers, desktops, laptops, and mobile phones should have an endpoint product installed and monitored. Updates should be automated. There are additional add-on products like Intercept X that stop ransomware (encryption of your files, making them unusable unless you pay the ransom) and revert the changes made back to the original state.
The last step is more at the network engineer/systems administrator level, but make sure you have proper firewall rules, group policies, and user restrictions set up. Not everyone should be an admin. Disable unused wall ports.