321546

Wednesday, 24 October 2018

Do You WannaCry or Shall I Petya?

If you've never heard of Malware and things like WannaCry or Petya, it's time to learn and understand just what they are, how they work, and what you can do to avoid an infection.


There were several key crypto attacks involving malware in 2017 and WannaCry and Petya were two of the biggest. It seems the rates of cybercrime are rising and we can't emphasize enough about the importance of awareness and education when it comes to preventing yourself, your family, and your business from being victimized. 

For example, WannaCry (titled so because of the append .WCRYwas a form of ransomware that used a cryptoworm to infiltrate and take control of infected computers, holding them for ransom until payment was made in bitcoins. Similarly, Petya was another form of ransomware delivered to unsuspecting victims via attachments loaded in e-mails. 



Best Practices To Prevent Malware Attacks On Your Business

Use a reputable IT company with whom to work.

Much of what is required to protect you and your computes and website will be best advised and implemented by experts who understand the ins and outs of your computer system.

Back up your web server!

This is actually s step that will help you should you suffer an attack, rather than one to prevent it from happening. However, should your computers become infected, having everything backed up will allow you to recover quickly and avoid loss of use. Of course, back ups need to be done regulalry, even daily.

Minimize access.

User access should be restricted to only those who need it, including those within specific areas in the system itself, and ensure that all users have strong passwords which are changed regulalry.

Track users.

Trust of your employees is important, but your server should still track all users log-ins and actions taken within the system.

Ensure file transfers are encrypted.

Use of Secure File Transfer Protocol (SFTP) and Secure Copy protocol (SCP) tools to transfer files.


Be wary of what information you provide to web users.

Avoid error codes that show your server type or type, or log-in error notices that only indicate a mistaken password which lets hackers know that the user name may be correct.

Educate employees on social engineering scams.

Criminals find it easier to hack an unsuspecting person than an actual computer and use a multitude of tricks to impersonate persons of authority in order to get money or passwords.

Don't use the web server for anything but your web site.

Browsing the web or posting about personal activity on the same web server as that of your web site just opens the door to hackers looking to get in.

Update frequently.

Keeping your programs and software updated will prevent hackers from exploiting vulnerabilities.

Remove all unused programs from your system.

Popular programs often have weaknesses that hackers can exploit, so if you don't use the program it's best to remove it from the mix.

Keep software inormation off your server.

Store software documentation and information such as names of programs and version numbers off the server and keep it elsewhere, to avoid hackers using the information to gain access.


There are many practices and protocols that will help keep malware off your computer but along with backing up your system, having an emergency plan to deal with possible infections will help minimize damage and reduce the impact on your clients.
 



No comments:

Post a Comment