It just keeps happening. This week alone we have heard about a number of local and national security breaches that have left businesses with the hollow feeling of data loss. These incidents conjure the image of a basement-dwelling hacker, replete with standard-issue black hoody, face obscured, tapping code into a browser. While this undoubtedly can and does happen, I would draw your attention to the other end of the equation, the end where the breach actually takes place.

This image is pretty normal and essentially consists of a well-meaning user, perhaps sitting in a post-pandemic coffee shop, clicking on a simple PDF attachment that came from a vendor, customer or management. What could be the harm in opening that attachment?

But in an instant that innocent-looking PDF goes to work, executing code that by its very malicious nature is designed to harvest data, replicate itself and email its code to a database of users, which in this case happens to be your entire contact list. Worse still, that file is ransomware and the execution of its code encrypts your entire drive, 50%, 60%, 80%, 100%, at which point it prompts you to call, email or just “send a check” in order to unlock your files.


Education can definitely help: training videos and practice sessions can make you more aware of, and therefore more vigilant against, these types of attacks. Always try to avoid sending any privileged information such as social security numbers or bank routing and account information. Always verify links before clicking, and feel free to check the header information to verify the sender’s actual details.
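The header check mentioned above can be automated. The following Python sketch is an added example, not part of the original post; the sample message, its domains and the function names are constructed for illustration. It flags a Reply-To or Return-Path domain that differs from the From domain and any SPF, DKIM or DMARC result other than `pass`.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (illustrative domains, not from a real incident).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=vendor.example.com
From: "Accounts Payable" <billing@vendor.example.com>
Reply-To: payments@vendor-example.co
To: user@example.org
Subject: Invoice attached

See attached PDF.
"""

def domain(addr_header):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()

def sender_warnings(raw):
    """List reasons to distrust the claimed sender of a raw RFC 5322 message."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain(msg["From"])
    # A Reply-To on another domain silently redirects your answer elsewhere.
    # A differing Return-Path is common for legitimate bulk mail, so treat
    # it as a prompt to look closer rather than proof of forgery.
    for header in ("Reply-To", "Return-Path"):
        other = domain(msg[header])
        if other and other != from_dom:
            warnings.append(f"{header} domain {other} differs from From domain {from_dom}")
    # Only trust Authentication-Results added by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            warnings.append(f"{check} result: {result}")
    return warnings

if __name__ == "__main__":
    for line in sender_warnings(SAMPLE):
        print("WARNING:", line)
```
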

Finally, in the case of a breach, the best offense is defense, which means deploying backup and business continuity software that allows you to roll your system back to a previous state. While that might take a little time, it offers a comprehensive recovery strategy that is far better than what could be a very public alternative.

