Threats facing businesses cannot be narrowed down to any specific type of attacks. Instead, what most businesses are fighting against is a complex engine of cybercrime with many different forms and variations. Criminals are constantly devising new forms of attacks to stay ahead of the game.
Keeping up with these changing tactics is a job for the F-Secure Labs—not you. But there are some basic precautions you can and must take so that way the expert virus hunters know can be used to protect your company’s irreplaceable assets.
1. Never reuse your work passwords for personal accounts.
You need to make sure your work passwords are strong, reasonable for you to remember and unique! The last thing you want is a Facebook or webmail hack to lead to a compromise of your work network. Also avoid using your work email for personal accounts.
2. Use a separate browser for work and web browsing.
This is good for both focus and security reasons. If you do any banking for work or use any secure credentials do it all in one browser such as Chrome or Firefox. Then use another browser for research or personal communications to minimize the chances of compromising your company data.
3. Always lock your PC when you’re not in front of it.
This piece of advice almost goes without saying but we have to remind you that an unlocked PC should be thought of like an open wallet. You probably wouldn’t ever walk away with that in plain sight, would you?
4. Make sure you’re running the latest versions of all your software.
Yes, that’s all your software, like operating systems, plugins such as Flash and Java, Microsoft Office and any browsers in use – not just security software. However, keeping up with software updates can be a time-consuming, costly process. Our new Software Updater feature makes this easy.
5. Be sure your organization has solid security product coverage on all layers of your IT environment, from laptops and desktops to servers and mobiles.
In case you’re unsure of how to stay protected or lack the resources for it, find an expert who can guide you through security issues and knows the dangers out there.
We believe that keeping your organization secure doesn’t have to be time consuming or difficult. With the right solution and the right partner, you can devote your time and resources to your commercial priorities – without compromising on security.
What smells so good? Could it be history? On Tuesday, F-Secure's corporate security team traveled to Dresden to pick up its fourth straight Best Protection award from AV-Test.org. We are now the only vendor in the history of the award to win the honor four years in a row. “Since 2011, F-Secure's security product has been a guarantee of high protection in corporate environments,” says Andreas Marx, CEO of AV-TEST. That's four years straight of the industry's best protection in a solution that provides the technology that's the basis for all of our security solutions. Success like this doesn't just mean we're good once in a while. It means we're the best every day, as the award goes to the solution that provides the most consistent protection throughout the year. We blocked 955 out of 958 real-world threats -- a 99.67 percent blocking rate -- and 112,059 out of 112,090 wide-spread malware with an astounding 99.97 percent blocking rate. That means we're about 2.67 - 2.97 percent above the industry standard. All this means if you don't use F-Secure, you could be exposing your business to thousands of more possible infections every month. You can compare these results to our competitors here. How do we do it? It's kind of like building the perfect sandwich. F-Secure Client Security layers antivirus on top of firewall on top of antispyware on top of rootkit scanning. We slather on the browsing protection to block dangerous websites. But it's not enough to block the threats we know about. That's where the secret sauce comes in. Our DeepGuard engine provides protection that reads criminals minds. As AV-Test's Andreas Marx said, “F-Secure is secure, innovative, and straightforward.” Excuse us. This is making me very hungry. We need to take a bite. Cheers, Sandra
Ordinary people here in Finland have been confronted with yet another cybersecurity acronym lately, DoS. And this does not mean that retro-minded people are converting back to the pre-Windows operating system MS-DOS that we used in the eighties. Today DoS stands for Denial of Service. This case started on New Year’s Eve when customers of the OP-Pohjola bank experienced problems withdrawing cash from ATMs and accessing the on-line bank. The problems have now continued with varying severity for almost a week. What happens behind the scene is that someone is controlling a large number of computers. All these computers are instructed to bombard the target system with network traffic. This creates an overload situation that prevents ordinary customers from accessing the system. It’s like a massive cyber traffic jam. The involved computers are probably ordinary home computes infected with malware. Modern malware is versatile and can be used for varying purposes, like stealing your credit card number or participating in DoS-attacks like this. But what does this mean for me, the ordinary computer user? First, you are not at risk even if a system you use is the victim of a DoS-attack. The attack cannot harm your computer even if you try to access the system during the attack. Your data in the target system is usually safe too. The attack prevents people from accessing the system but the attackers don’t get access to data in the system. So inability to use the system is really the only harm for you. Well, that’s almost true. What if your computer is infected and participates in the attack? That would use your computer resources and slow down your Internet connection, not to speak about all the other dangers of having malware on your system. Keeping the device clean is a combination of common sense when surfing and opening attachments, and having a decent protection program installed. So you can participate in fighting DoS-attacks by caring for your own cyber security. But why? Who’s behind attacks like this and what’s the motive? Kids having fun and criminals extorting companies for money are probably the most common motives right now. Sometimes DoS-victims also accuse their competitors for the attack. But cases like this does always raise interesting questions about how vulnerable our cyber society is. There has been a lot of talk about cyber war. Cyber espionage is already reality, but cyber war is still sci-fi. This kind of DoS-attack does however give us a glimpse of what future cyber war might look like. We haven’t really seen any nations trying to knock out another county’s networks. But when it happens, it will probably look like this in greater scale. Computer-based services will be unavailable and even radio, TV, electricity and other critical services could be affected. So a short attack on a single bank is more like an annoyance for the customers. But a prolonged attack would already create sever problems, both for the target company and its customers. Not to talk about nation-wide attacks. Cyber war might be sci-fi today, but it is a future threat that need to be taken seriously. Safe surfing, Micke Image by Andreas Kaltenbrunner.
Since news of the now infamous "Sony hack" broke, some experts have been skeptical that the government of Kim Jong Un was directly behind what appears to be the "worst hack any company has ever publicly suffered." Before the hackers dumped emails designed to humiliate the company then posted a note on Pastebin threatening the release of the "The Interview" with the ominous line “Remember the 11th of September", our Security Advisor Sean Sullivan posited a theory. He suggested that "the attack was an attempted shakedown and extortion scheme." Few companies are as vulnerable to public acts of humiliation -- thus as vulnerable to extortion -- as a global media company. But nearly every company risks potential massive financial damage from the exposure of confidential data. So what does that mean for you and your business. Here are five simple takeaways that may seem obvious to you but may not have seemed so clear to Sony: 1. If your business' network is going to be breached, it's probably going start with an employee clicking on an email attachment. "It’s interesting that, while the array of tools is diverse, the basic methods of gaining access to a victim’s environment are not," Verizon noted in its most recent Data Breach Investigations Report. "The most prolific is the old faithful: spear phishing. We (and others) have covered this ad nauseam in prior reports, but for both of you who have somehow missed it, here goes: A well-crafted and personally/professionally-relevant email is sent to a targeted user(s), prompting them to open an attachment or click a link within the message. Inevitably, they take the bait, at which point malware installs on the system, a backdoor or command channel opens, and the attacker begins a chain of actions moving toward their objective." With the wealth of information available about executives online, targeting an infected email attachment to a specific user remains the most reliable method of penetrating a network. Most of us have been using email long enough to know that a message with a file included that reeks of unprofessionalism may be dangerous. But if the email seems crafted and personal, we still may be fooled. Security education will never cure the plague human error, which is why your IT department is working overtime to break the "delivery-installation-exploitation chain". Still the basic caveat applies: Never open an attachment you weren't expecting. 2. Don't store your passwords in a folder called "Passwords". Seems obvious. But it appears Sony may have done just that. Verizon reports that credentials are the number one hacker target. With 62 percent hacks not discovered until months after a network has been hacked, the intruders will have plenty of time to poke around. Don't make it easy. 3. Plug the holes. Keep all of your system, application and security software patched and protected -- especially browsers. Don't use Java plugins. Or get protection like F-Secure Software Updater that keeps you patched seamlessly. 4. Links in email can be as dangerous as attachments. It turns out that years of indoctrination have has some effect. Users are more skeptical of attachments than of links in emails that can lead to "drive-by" web attacks and/or phishing scams -- but not skeptical enough. About 8 percent will click on an email attachment while "18 percent of users will visit a link in a phishing email. Users unfamiliar with drive-by malware might think that simply visiting a link won’t result in a compromise." 5. Remember that email is forever. Dance like no one is watching; email like it may one day be read aloud in a deposition. — Olivia Nuzzi (@Olivianuzzi) December 13, 2014 Cheers, Sandra