“Why Would Small Businesses Be a Target for Malware?”
Malware threats are everywhere. Working with various small businesses a statement I hear too frequently is “We don’t have anything anyone would want” or “I don’t care if we get hacked.” Both of these make me cringe. What they mean is “I don’t think anyone would want our stuff.” You hear about big businesses being hacked and may think they are the only ones who have a lot of information that they don’t want out in the public. In reality, most small businesses have computer data that should be guarded – even if it’s just client lists, or company financials. Imagine what would happen if that information was spread around the internet or if your financial data was emailed to your client list. As a small business owner, you may be using your computer for more than just business. Do you have family photos on your computer? Would you want all of them spread around the internet? Would you mind losing them all? Do you store passwords on your computer in text files, word files, spreadsheets, or just in the browser? If someone could gain access to your Facebook or Twitter account, could they get any of your friends to click on a link that supposedly you sent out? What if your computer were being used for illegal activity and you didn’t even know it? Chances are you can relate to one or more of the questions I have asked, and chances are you would prefer not to be hacked and not to have your information spread around the internet. The intent of most malware is to steal information or gain access to computer resources.
The Scrap Value of a Hacked Computer
Below is a list of tasks a “Hacked Computer” can be used for. This information was pulled from this article: http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/ Brian Kreb’s site is a gold mine of security information.
- Your computer could be turned into a Web Server for the following activities.
- Phishing Site
- Malware download site
- Warez / Piracy server
- Child Porn server
- Spam Site
- Your computer could be turned into an Email Server for sending out the following mail.
- Spam
- Stranded abroad scams
- Harvesting email contacts
- Harvesting email accounts
- Access to corporate email
- Your computer could be used to sell Virtual Goods.
- Online gaming characters
- Online gaming goods/currency
- PC game license keys
- OS license keys
- Access to your computer and your credentials for Reputation Hacking.
- Linked In
- Google +
- Your computer could be used for Bot Activity.
- Spam zombie
- DDos extortion
- Click fraud
- Anonymization proxy
- CAPTCHA solving
- Your Account Credentials could be stolen and used for:
- eBay / Paypal fake auctions
- Online Gaming
- Web Site and FTP access
- Skype/VoIP
- Client Side Encryption keys
- Your Financial Credentials could be stolen giving access to:
- Bank account data
- Credit card data
- Stock trading data
- Mutual funds / 401K accounts
- Your computer or data can be held Hostage with the following attacks:
- Fake antivirus
- Ransom ware
- Email account ransom
- Webcam image extortion
How to Protect Your Information
1. Strong Passwords. With so many ways a computer can be utilized for dark reasons it’s important to be vigilant with your security. The reason to use different credentials on every site you visit is if one account is compromised it’s easier to contain the breach. If you have used the same password or a slight variation thereof on many sites, then you could have multiple accounts compromised and you may never get the genie back in the bottle. If you only access a few sites, you might be able to remember a few good passwords but if you have hundreds like I do, then you should be using a password manager. I will do another article on password managers later. Password Managers come in different flavors but they usually will have a master password that gives access to your vault of other passwords so that you only need to remember the one strong password.
2. Be vigilant. Passwords alone will not prevent all malware. You must be vigilant any time you are online. If your computer is on a broadband connection, and most are these days, you need to take precautions. You should have a properly set up router with firewall and secure WiFi. Your computer should have a firewall in place. You should always keep your software patched and updated. You should not have any software you don’t need on your computer. For example, if you loaded java for a job or something and you no longer use it, you should uninstall it when done. You should think about your exposure when uploading files to cloud services. You should have strong passwords protecting any online account where you store data. Think about the pictures you upload from your phone to a cloud somewhere. How safe are they? Do you have passwords stored on your phone or tablet? If those were stolen, what could someone gain access to? Email is one of the simplest ways to get a user to give access to their computer. Phishing emails tempt people to open an attachment that may look benign when in fact it’s malicious code waiting for access to your computer. Resist the urge to see that picture someone has of you. Resist the urge to reply to that guy in Nigeria just needing an account to transfer 6 million dollars to. Resist the urge to look at tracking information for a package you didn’t order. Some of them are very clever but they all have the goal of gaining access to your computer and your information.
If you need help securing data, I can help. With an analysis of your network infrastructure and verifying that credentials are not factory defaults. I provide guidance setting up backup solutions and data protection. I can assist in selecting a password manager and helping you use it correctly. If you have security questions I can help. Call 913-893-1123 and ask for Kent.