Protecting Your Data – In Email, On Mobile Devices, and On the Web
Ever noticed how long it’s been since you had to install software using physical media? CDs, for example, reached their peak market share in the early 2000s, with sales exceeding $1 billion USD per year. In the years since, sales have declined to less than a tenth of that number. In 2018, if you need a file, you download it. If you need access to an application, you log in from your browser.
This isn’t new information, but what is new is the extent to which things we take for granted have also enabled people to attack us. Advancements such as:
- Ubiquitous cloud computing
- Cheap high-speed internet
- Free social media
have had severe drawbacks that go hand in hand with their benefits. The kind of massive attacks that make headlines nowadays – in which millions of people lose vital information, whole cities are held for ransom, and foreign adversaries infiltrate the power grid – are direct consequences of our convenient information age.
NextGen Security Protection Starts with Email & Mobility
Email and mobility represent the biggest opening for hackers to breach your system.
In this article, we will discuss:
- What’s changed in information security for small businesses
- How attackers use simple techniques to breach small and large companies alike
- How users can secure their data from the ground up
Although information security is a difficult problem, it’s possible to protect your company and your users in just a few easy steps. Here’s what you need to know.
A Short History of Hacking – from Floppy Disks to File-Sharing
Do you remember what it was like to find a floppy disk with a virus on it? In the worst-case scenario, putting in the wrong disk would damage or permanently break your computer. If you were lucky, the infecting program would just print a line of insulting text on your screen. It was a simpler time.
Viruses used to be mostly harmless. As an example, one of the first PC viruses, known as Brain, took up just 7 kilobytes of memory. All it did was advertise a computer repair service in Pakistan. In the late 80s and early 90s, most viruses followed this basic pattern. Although a few were genuinely harmful, many were just pranks. They were limited by the size of the storage media that were used to transmit them, as well as by the limited storage available in most PCs.
Most PCs also didn’t have internet connections, or if they did they were very slow – even by the standards of the time. Therefore, most viruses weren’t transmitted via the internet in that era. In general, only large companies and government agencies had fast computers, internet connections, and secrets worth knowing. Information security was only a problem for a very small sub-class of users.
The first sign that things were changing was the advent of a virus known as Melissa. Melissa was one of the first viruses to spread via email, and certainly one of the first email viruses to cause widespread damage. The virus worked by means of an infected payload – an attachment that victims were persuaded to click on by means of a crude social engineering technique. The virus would then install itself, take over the victim’s email account, and send itself to the first 50 contacts in their address book.
Melissa’s immediate result was to create a massive email volume that knocked out ISP networks, rapidly causing over $80 million in damage. Its effects presaged a whole new era of internet crime, where attackers targeted victims indiscriminately, using email as a vector and social engineering as a method.
The Techniques behind Melissa Are Still in Use Today
The Melissa virus used a very simple three-step process:
- Convince a user to download a malicious attachment
- The attachment infects the user’s computer
- The resulting virus uses the initially infected endpoint to spread further
This workflow proved to be so simple that many, if not most, attackers still use it today. Using a false message to convince a user to open a malicious email attachment is a tactic known as phishing. According to Verizon’s 2018 Data Breach Investigations Report, 93% of all breaches involved a phishing attack. Additionally, Melissa was an indiscriminate virus – it attacked small businesses, home computer users, and larger companies alike. Most attackers in 2018 are similarly indiscriminate. According to the report above, small businesses represent 58% of cyberattack victims.
Lastly, modern viruses share one more thing in common with Melissa – they spread. Today’s viruses will automatically seek out corporate networks and spread from one node to another. For traditional attackers, the idea is to find stores of valuable information – usernames, passwords, credit card numbers, intellectual property, and more. For ransomware attackers, the goal is to find and delete a company’s backups, preventing them from restoring encrypted data.
For small businesses, the result of a full-blown attack isn’t just lost data, but lost livelihoods. Up to 66% of small businesses go permanently out of business as the result of a data breach.
How Can Companies Prevent Data Breaches?
If you’re part of a large company, then you have plenty of resources to deal with cyber attacks. Many large companies leverage a concept known as “defense in depth” to stymie attackers moving laterally through their systems. This involves concentric firewalls that create layered internal networks.
Another tactic involves training employees not to click on phishing emails. This usually involves sending employees a series of fake phishing emails, rewarding those who don’t click and asking those who do click to watch a series of training videos. Although not 100% effective, this security awareness training can decrease the likelihood of a successful phishing attack by 75%.
For small businesses, the real problem with both of these approaches is money. Purchasing, configuring, and maintaining multiple firewalls costs money, as does the administration of a security awareness training program. Small businesses are likely to have enough money to run a single firewall, and nothing else. Where does that leave them?
Let’s go back to the top. The biggest threat facing any small business is likely to be the classic pattern of an employee downloading a phishing email with a malicious attachment. Therefore, the most effective use of your limited budget dollars is to purchase a defense against this, the most likely scenario.
How Can a Small Business Protect Its Data?
At Qubit Networks, we are always looking to work with the most effective solutions. We feel confident that Check Point Software has created a firewall specific to this use case. With a 100% breach protection rate, the software first isolates any message directed to a user’s email account – on both desktops and mobile devices. The firewall then sandboxes the email, allowing any malicious attachments to execute in an environment where they can’t spread. If the email turns out to be malicious, it never reaches your user’s email.
Defending against computer viruses has never been easy, but fortunately, technology has developed at the same pace. Whether you’re defending against Melissa or modern ransomware, using the right tool for the job will help you mitigate these substantial threats.
Qubit Networks helps Indiana businesses identify their level of need for data protection, from everyday email and mobile protection to network protection. Whatever the need, we will have you first identify your level of risk tolerance and establish solutions that will help small to large businesses protect their clients’ data and be profitable.