Recently, an eMentum employee’s 84-year-old grandmother asked him to fix her computer for her. It was “acting slow.” After a brief investigation, he discovered no fewer than 400 pieces of malware on her computer, using virtually all of her system resources and a significant portion of the home’s internet bandwidth. After cleaning up the mess and returning the computer, he counseled her to practice some safe browsing techniques. Her immediate reaction was one of shocked horror: “Who would do such a thing?” and “How would I have ever known about this? I thought I was covered from these things by my Anti-Virus software.”
In another example, a client of ours recently encountered a particularly noxious piece of malware making its way around the internet known as “CryptoLocker.” CryptoLocker falls under a category of malware known as “ransomware.” An unsuspecting user clicked on what seemed to be a legitimate email attachment from a well-known vendor (e.g., UPS, FedEx). The attachment contained an executable file that installed CryptoLocker, which encrypts certain types of files (e.g., Word, PowerPoint, Excel), rendering them useless to the user. CryptoLocker then displayed a message that informed the user that the files had been encrypted and that the only way to regain access was to pay a ransom in Bitcoins, an untraceable digital currency. If the ransom was not paid within 72 hours, CryptoLocker would delete the key to unlocking the encrypted files, leaving no way to access the information…ever again.
Anti-Virus and Anti-Malware applications did not detect or cleanse CryptoLocker on this organization’s network. The infection occurred because of the user’s lack of knowledge of basic cybersecurity best practices. Fortunately for our customer, the infection was contained by a relatively quick analysis of the situation. The infected machine was removed from the network by the customer; backups were installed; and the workplace was cleansed of all instances of this malware before it could infect the entire network. As part of our client’s recovery process and in the interest of preventing such an event from occurring again, eMentum recommended that everyone in the organization take a selection of short, interactive online courses from the “Securing the Human” training series provided by the SANS Institute. These training courses introduced our client’s employees to more than twenty different Security Awareness scenarios, including Wi-Fi Security, Phishing attacks, and Insider Threat mitigation, in an easily accessible (and affordable) format.
Sadly, these two examples are quite common, even among security and IT professionals. Basic security techniques are ignored, not followed, or genuinely not known, and this neglect can lead to a breach of information that is potentially catastrophic, both personally and professionally. Firewalls, Anti-Malware, and Anti-Virus software are all critical elements of a properly functioning IT security plan, but the single most effective aspect of IT security is the end user and the practices that he or she follows to keep information safe. These two examples demonstrate that, when it comes to securing your information and your network, the most cost-effective and reliable action you can take is to provide adequate training and education to your staff. This really is the best way to ensure that an individual is ready to face the myriad threats that exist on the public internet.
Have you ever experienced a CryptoLocker attack or other malware? Does your organization practice routine IT security training? Let’s talk! I’d love to hear your experiences and share our lessons learned.
Thanks for reading! Do Good. Have Fun. Add Value.