Ransomware now gives you the power to infect others.

At this point, you should know what Ransomware is. And why is that exactly? Because it’s loud; it’s proud, and it wants to shake the living data out of you and your business.

But just in case you require a recap, Ransomware is an especially ruthless form of malware. It will seep into your device and encrypt all your data. If you want your data back, you’ll have to pay for it. The amount of this payment will differ – dependent upon who you are, what they’ve encrypted, and whether or not they’ve attacked you as an individual or your company as a whole. But the price of your data can run anywhere from $100 to $1 million.

Now, however, malware authors have taken this in another direction. If you don’t feel like paying to have your data decrypted, then you can simply infect someone else.

Detected by the MalwareHunterTeam, this form of Popcorn Time Ransomware gives you two options. You can pay for your data, as per the norm. Or you can infect two other users with the malware. If both users pay for the decryption code, your data will be decrypted for free. This way is otherwise known as “the nasty way.”

While it’s slightly depressing to think about Ransomware ripping its way through friendships, that’s not the only possibility. You don’t exactly have to be friends or even acquaintances with someone to send this malware to them. You might be enemies. You could also be competitors.

Imagine what would happen if one CEO was infected with this form of Ransomware and then sent it off to two other CEOs of rival companies. Things could get real ugly, real fast.

So to avoid all of that not-so-fun stuff, here are a few quick tips to remember:

  1. Keep your system up-to-date – Never allow your browser or software to fall out-of-date. An out-of-date device is more vulnerable because there are larger holes for hackers and malware to slip through.
  2. Don’t download unknown attachments from emails – Phishing has become one of the most widely used point of entries for attackers and malware. When you download a malicious attachment from a phishing email, you may accidentally download Ransomware at the same time.
  3. Back up your data – Always keep your data fully backed up. If your data is backed up, then you don’t need to pay anyone to decrypt your data. Why? Because it’s safely stored offsite.
  4. Don’t click on toogood-to-be-true advertisements – Ransomware can also infect your computer via malicious advertisements on websites. Click on the wrong ad, and you could end up deciding between paying a large sum of money or infecting two poor souls with Ransomware.

No Business Too Small to Be Hacked

Paul Eichen at Rokenbok Education in Solana Beach, Calif. Last year, online attackers encrypted its database, making the data unusable. CreditTara Pixley for The New York Times

Just as the holiday shopping season neared, a toy company, Rokenbok Education, was navigating a nightmare situation: Its database files had been infected by malware.

Online criminals had encrypted company files, making them unusable, and were demanding a hefty ransom to unlock the data. Rokenbok, a California-based company that uses building blocks and even robotics to teach children how to think like engineers, lost thousands of dollars in sales in two days.

Rokenbok’s founder and executive director, Paul Eichen, was already struggling to adapt his seven-employee company to a fast-changing toy world. Even worse, the malware attack was not Rokenbok’s first. The company had been hit earlier with a denial of service attack that shut down the company’s website.

“I sweated that one,” Mr. Eichen said. “Customers’ first impressions are critical.”

Focusing on revenue over protection is far from unusual for small companies like Rokenbok. But it is an increasingly dangerous path, experts say. Limited security budgets, outdated security and lax employees can leave holes that are easily exploited by ever-more-sophisticated digital criminals.

Continue reading the main story

The threat to small businesses is growing, some experts say. Sixty percent of all online attacks in 2014 targeted small and midsize businesses, according to Timothy C. Francis, enterprise leader of cyberinsurance at Travelers.

“Smaller companies are easier to hack,” said Clay Calvert, director of security at MetroStar Systems, a Virginia-based firm. “They don’t have the resources to set up protective barriers.” Big companies, which have the financial resources to upgrade their security, have become less vulnerable.

These days, businesses like Rokenbok are especially susceptible to a type of malware called ransomware, which holds data hostage in return for money. Data is slowly encrypted by criminals until the entire system is locked up. The process can take up to 42 days, Mr. Calvert said.

Rokenbok’s ransomware attack made its database files unusable. But rather than pay the ransom, the company reconstructed its key systems, a process that took four days.

Although figures are hard to come by, experts say these kinds of attacks can be so damaging to revenue and customer expectations that many small businesses are forced to close after an episode like the one Rokenbok experienced.

And increasingly, as in Rokenbok’s case, criminals are going after cash through attacks using ransomware rather than through attacks on credit card data.

“Credit card numbers are harder to monetize,” said Christopher Young, general manager of the Intel Security Group at Intel Corporation. “You have to get the numbers and sell them to someone else before you make money.” Ransomware, he said, is high volume and requires no middleman. Hackers gain entry when employees click on malicious links in emails or download infected material.

Phishing attacks, which use malicious emails to steal data, are also on the rise, security experts added.

Given the increase in such attacks, being unprepared is like playing security roulette, said Robert Siciliano, chief executive of IdTheftSecurity.com.

“If you’re not deploying some level of security, you’ll go under,” he added. “You have to make time for quality control. The worst thing you can do is nothing.”

Mr. Siciliano recommends a security audit as a first step. The audit should take note of potential areas of risk, like customer data or employee access. “How secure — or not — is your system?” he said.

Strengthening security can be inexpensive and simple — something small businesses can do on their own, experts say. It can include updating antivirus software, adding firewalls and strengthening passwords. Or it can mean putting data in the cloud rather than on company servers, which may be more vulnerable. But often, given lean staffing, it makes more sense and can cost less in the long run to hire a firm that specializes in digital security.

Steven Annese, owner of the lighting and home décor company EliteFixtures, knew he needed tighter security as his business soared. So he outsourced security to a web performance and security firm, CloudFlare.

Mr. Annese uses a checklist to make sure security updates are installed. And he logs onto CloudFlare every day to see what threats have been blocked and to review site analytics.

“So far, we’ve never been hacked,” Mr. Annese said. “Security issues don’t keep me up at night.”

Among the simpler precautions small businesses and consumers alike can take is to create strong passwords. That has long been the advice of security experts but many say it is stunning how many people and small businesses fail to heed the advice.

Hackers use big-data analytics to help crack passwords, said Mr. Calvert at MetroStar Systems. “They have databases of passwords,” he said, “and they analyze how we come up with them.”

He recommends using passwords that are 20 characters or longer and that contain a mix of characters. The longer the password, the harder it is to crack. Password managers, which use software to encrypt passwords, are another option, he added.

The 5050 Skatepark, an 8,000-square-foot indoor park on Staten Island for skateboards, BMX bikes and scooters, rejiggered its passwords after being hit with a denial of service attack last fall that made its website unavailable. The skatepark, which generated $100,000 in revenue in 2014, attracts skateboarders from all over the world, said one of its founders, Edward Pollio. Having the website closed down was a blow to revenue, he said.

“The attack caused havoc,” said Mr. Pollio, who still has a day job as a carpenter. “People were asking if we were still in business. Not having a website is like being closed.”

Now, 5050 Skatepark is more strict about its passwords; it follows longstanding recommendations to use different ones for different accounts, like on Instagram and Twitter. And Mr. Pollio, who helped start the business with $50,000 of his own savings, monitors the site every day.

Employee training is also inexpensive, but important. Since most hacking episodes occur when employees click on malicious links or websites, education is the best defense, many security experts said.

Daniel Peebles, information technology manager at Andretti Autosport, the auto racing group based in Indianapolis, tackles education head on. Besides explaining malware and phishing through PowerPoint presentations, he sends emails to employees about the latest threats.

“You must definitely have a will to learn,” said Mr. Peebles, who served in the Army. “Attackers are always finding new methods. So you’ve got to keep up with the pace.”

Tom Gorup, security operations leader at Rook Security in Indianapolis, advised preaching security to employees from the beginning. He advocates offering monetary rewards for identifying security problems. “Become a guerrilla work force,” added Mr. Gorup, who also served in the Army.

Online security tutorials are helpful and free. They can be found on government sites like that of the Small Business Administration, which also has webinars, and the site of the Defense Security Service, part of the Defense Department.

Once security is in place, experts advise hiring ethical hackers, who test a system by hacking into it to spot vulnerabilities. “And they’re less expensive than being hacked,” Mr. Siciliano said.

Fighting the good fight against online criminals should now be part of any company growth strategy, he said.

Mr. Francis at Travelers said, “Once data is compromised, the ball is rolling in terms of cost.” Banks generally are not obligated to repay money taken from an account. And legal bills aimed at recouping that money can quickly pile up.

Worse, the criminals are hard to track down. They typically operate from office complexes in Eastern Europe or Russia. “It’s their business to hack businesses,” Mr. Calvert said.

Rokenbok reported its malware attack to the local police, who said the F.B.I. was more suited to do the investigation. So far, no one has been arrested in connection with the attack.

Original Story: http://www.nytimes.com/2016/01/14/business/smallbusiness/no-business-too-small-to-be-hacked.html?_r=0#story-continues-1

Back to the Basics: Malware 101

banking-malware-network-sniffer

School is officially back in session, which means it’s time for a little education.  And, with cyber security as hot of a topic as it is, let’s rewind just a little and go back to Malware 101: Basic Categories and Proper Defense Tactics.  Even if you consider yourself something of a cyber-security expert, it’s never a bad idea to keep things fresh in your mind.

Trojans

We’ve all heard the story of the infamous Trojan Horse that the Greeks built and used to sneak into the city of Troy.  Under the guise of an offering, the Trojan Horse was a backdoor into Troy and, ultimately, led to a Greek victory.

This is exactly how a computer Trojan works.

They trick you into believing you’re downloading a legitimate application or file but, in reality, you’re actually downloading malware.  Once it’s in, you’ve given hackers, viruses and other malicious malware easy access to your computer.  So, while they can’t replicate like viruses or worms, they’re just as dangerous and obtrusive.

From here, Trojans can view your web history, intercept your passwords, steal login information, remotely control your computer and use you for click fraud.

Worms7487317

Worms are great at finding your vulnerabilities and using them to their advantage.  They spread through various means such as email attachments, social networking sites and software loopholes.

From shutting down your system to drying up your resources, worms self-replicate without the need for a hacker or computer program.  They spread across entire networks quickly and with very little effort and can seriously damage any infected device or PC.

Viruses

This cyber-threat is probably the most well-known of them all.  In fact, most people tend to generalize cyber-threats as viruses; they don’t fully understand the differences between a Virus, Worm or Trojan… or any other malicious malware for that matter.

A virus spreads and self-replicates without the assistance of a hacker (much like a worm) but it needs to attach to a file or program to do so.  Usually, they spread through email attachments or instant messages.  This is where the whole, “Know what you’re opening and who it’s from” comes into play.

A virus can slow down your computer, mess with your operating system or “damage your hardware, software and files.”  The severity, degree and spread of a virus can vary significantly.

Proper Defense Tactics

So, how do you protect yourself and your devices from cyber-threats?  Well, it’s all about not staying cautious and remaining cynical.  Never open up something, click a link or visit a website unless you’re absolutely positive it’s legitimate.  If it seems even a little bit fishy, stay away… stay far away.

Another major element of cyber-security is making sure that your security and software is consistently up-to-date.  Going back to worms, they exploit your vulnerabilities to wiggle their way into your computer.  Vulnerabilities like these arise from forgotten patches, outdated software and poor security implementations.

Protect your network with Cenetric’s remote management solutions. Never worry about patching your PC’s again! Leave it to the experts. Call us today: (913) 210-1950 or email us at info@cenetric.com.

 

 

Cenetric Testimonials

testimonials_banner03

“Our Network has never run as smoothly as when Cenetric took  over our account!” -Rick

“Cenetric’s network monitoring has been a source of great comfort for me. My servers and desktops are monitored and patched every day. I don’t have to worry about security issues or problems that stop my staff from working anymore. As a business owner, this peace of mind has given me back my freedom to manage my business instead.” – Janelle

“Speedy Service is what I like best about Cenetric. Dave is here any time we need something!” – John

“We couldn’t afford to upgrade our server, but it was very old and running poorly. Cenetric’s team brainstormed with us and found a very cost effective alternative. Cenetric has been an essential part of our business for eight years!” – Cindy

Phishing 101: Avoid at All Costs

guy-snorkling-computer

If you’re unaware as to what exactly Phishing is, here it is in a nutshell.  Phishing is when an entity tries to steal your personal information from you.  Information such as credit card numbers, passwords and social security numbers are prime examples.  Usually, Phishing occurs in the form of an email.  It’ll sound urgent, but generic, and will blatantly request private information from you.

Here’s an example (and, try to picture this from any company that receives automatic payments from you such as your phone or cable company):

Dear member,

Your recent payment was not applied.  Please log in and update the credit card we have on file for you immediately.  If you fail to do so, your account will be deactivated. Please go to www.link.com to update. 

Thank you,

Company Name  

There are ways to identify Phishing emails.  Most of the time, the company name within the link presented will be misspelled or contain a symbol or number.  Also, check for misspellings and poor grammar throughout the email itself.

It’s best to use common sense, as well.  Make sure it’s relevant and plausible.  Would they really deactivate your account so quickly?  And, is your bill even due?

If you’re still unsure and feel there’s a need to confirm the legitimacy of the email, you have options.  Here are a few ideas:

  1. At the login screen, use the wrong password. But, as a warning, even if the site says it’s the wrong password, you’re not totally in the clear.
  2. Don’t click on the link. Instead, type the website into the URL bar yourself—not the whole thing, though.  If it’s coming from someone claiming to be from Verizon, only type in verizon.com. Leave out the rest.  You’ll be able to find billing or whatever it is you need from their homepage.
  3. If you do click on the link and a pop-up immediately displays, it’s best to exit out of your browser completely, reopen it and type the link in yourself.
  4. Most web browser have Antiphishing capabilities built-in. All browsers are different but it’s best to ensure your security panel is properly setup to include phishing protection.  They’ll warn you of any malicious sites you may come upon.

Cenetric is here to help you determine if emails are safe! Give us a call today, (913) 210-1950 or email us at info@cenetric.com.

3 of the Biggest Benefits of the Managed IT Model

IT can be a tricky concept to the business owner, and we all know how touchy technology can be at times. It can be working one minute, then completely incapacitated the next. This unpredictability is one reason why the concept of help desk support was created. It’s an important way to assist individuals when they need help most.

Some businesses have an internal help desk team, but these often double as an internal IT staff that has other pressing matters at hand. Due to this, basic troubleshooting services might not immediately be available to the average employee. This can put a damper on productivity, especially when the problem prevents the end user from accessing their workstation or mission-critical applications, which could lead to high levels of frustration.

Help-Desk-Support-gif1.jpg

Cenetric realizes that when you have a problem, it needs to be resolved as soon as possible. This is why we offer outsourced help desk services for small and medium-sized businesses like yourself. Here are three benefits of Cenetric’s managed help desk support service.

Remote Tech Support
How often have you been on a business trip and your technology starts to act up? One of the most efficient ways of experiencing help desk support is through our remote support solutions. Most of the time, problems with technology can be diagnosed and resolved remotely. These measures allow us to assess your technology problems without an on-site visit. This makes life easier for both parties involved. You get immediate assistance with your problem, while we avoid a time-consuming road trip to your office.

Our Service Never Rests
You’ve undoubtedly experienced technical issues, but what happens when you can’t get a hold of tech support? You’re left with lackluster technology and no way in which to get it working again. If this happens, it could have a negative effect on productivity.

Help-Desk-Support-gif2.jpg

We know that nothing is more important than IT issues which are preventing your team from functioning at maximum efficiency. If your IT staff is bogged down by their daily duties, we’re always available to assist inexperienced and seasoned technology users alike.

No Unexpected Bills
If you’re using standard technology support, they likely charge by the hour. This means that businesses which experience a lot of tech troubles will quickly accrue a hefty bill that doesn’t necessarily reflect resolved issues. Most technology support hotlines will try to milk your team for all they’re worth when they have a technology issue. Instead of concentrating on helping your team fix problems and ensure they don’t happen again, these technology companies typically hold a break-fix business model.

Cenetric practices the exact opposite business model. In our eyes, there’s a mutual benefit to having your technology problems fixed the first time. You get the reassurance that the problem won’t come back stronger than ever, and we gain the satisfaction that we’re providing the best service possible for our clients. We pride ourselves in our work ethic, and as long as you’re succeeding in your business endeavor, so are we.

Quality help desk support doesn’t have to be difficult to find. Call Cenetric at 913.210.1950 today to find out more about remote tech support and our other managed IT services.

6 tips to keep you safe online this holiday season

The holidays are upon us, and you know what that means.  Lots and lots and lots of shopping.

For serial shoppers, this is great news.  For everyone else out there, not so much.  And for those people who are filled with dread, they’ll do as much online shopping as they possibly can.  Which isn’t a bad thing, but it does come with a certain amount of risk.

When you shop online, it doesn’t matter how well you hide your card as you type the numbers into the browser.  A hacker from across the world can swipe it in mere seconds and with minimal hassle.  shopping-phoneBecause of this, you must know what it takes to shop online safely.  Here are a few simple tips to get you started.

Check for the lock icon.

When you’re shopping on a website, you should always make sure there’s a lock symbol present in the address bar.  If there isn’t one present, then don’t buy anything.  The lock symbol basically indicates that the site is secure and that your data will be encrypted while in transit.  This means that someone would have a really hard time snatching up your information and understanding what it is.

Use credit cards.

It’s always a good idea to shop with credit cards rather than debit cards and for a few reasons.  For starters, if a hacker gains access to your credit card information, you don’t want them to have the ability to drain out your personal bank account.  It’d be better if they just maxed out your credit card instead.  Also, credit card companies usually have better fraud protection services – for example, they give you a longer period to alert the company of a potential fraudulent charge.

Make sure everything is up-to-date.

If you are going to do any shopping online, make sure your browser and device of choice are completely up-to-date.  Updates are pushed out for good reasons, like patching security vulnerabilities.  If these vulnerabilities don’t have to be there, then don’t allow them to be there.

Keep track of your statements.

Whether you’re shopping in the store or online, you should always keep track of your bank statements – especially during such a busy shopping season.  The sooner you spot fraudulent charges and suspicious activity, the better off you’ll be.

Avoid unknown websites.

Yeah, sure.  You might want this really funny shirt off this really random website for your second cousin twice removed – but is it really worth credit card fraud?   Probably not.  Do your best to avoid websites you don’t really know all that well.  Stick to larger websites, like Amazon, Target, and Etsy.  Not only are these websites typically more secure, but they can usually back you up if something goes awry during the purchasing process.

Steer clear of public Wi-Fi.

Public Wi-Fi isn’t always what it’s cracked up to be.  Skilled hackers can set up fake Wi-Fi hotspots, and once you connect to a fake hotspot, the creator will have the ability to monitor everything you type and everywhere you go.  Which is certainly not good.  Never access financial information or shop online when you’re on-the-go and connected to public Wi-Fi.  Only do these things on a trusted connection.

If you have any questions or doubts, contact us and we’re more than happy to help! (913) 210-1950.

Conflicting Views of the Cloud

cloud

Cloud computing is here to stay. Yet, there are still companies hesitant to adopt the cloud. While every business that hesitates migrating to the cloud has its own reasons, one common source of conflict that we’ve seen is the opposing view between the business owner and their IT department.

This difference in view typically stems from the business owner being sold some big promises about how the cloud can revolutionize their operations, whereas IT personnel may be hesitant to relinquish too much control to the cloud. Granted, we have seen situations where the reverse is true, but for the sake of this article, let’s follow the logic of the former.

Benefits of the Cloud Promised to Business Owners
For business owners, the cloud comes with some pretty strong selling points. According toInformationWeek, here are three benefits to the cloud that get business owners excited about adopting the technology:

  • Business leaders see improved speed to market.
  • The ability to rent instead of own, especially as things relate to new ventures that might not be permanent.
  • The ability to rent infrequently used assets (like those for disaster recovery).

For the business owner, all three of these benefits speak to something near and dear to their heart: return on investment. If cloud computing can live up to the marketing promises that spew across a business owner’s desk, inbox, and social media timelines, then they’re going to gravitate toward the cloud and demand that their IT department implement it for business reasons, not technical reasons.

Reservations IT Departments May Have about the Cloud
Herein lies the all-too-common conflict between a business owner’s money-saving decision making and the guarded reservations that an IT administrator might have about making too dramatic of a change to their IT systems. InformationWeek goes on to explain the IT technician’s point of view:

  • Self-preservation: “Why should I support something that’s going to put me out of a job?” Developers obviously don’t feel this way. But folks responsible for racking-and-stacking? Of course they feel threatened by work being done in an Amazon or Google data center.
  • Span of control: Being responsible for outsourced infrastructure makes people feel like they’re getting in trouble for someone else’s mistake when that infrastructure is unavailable.
  • Disbelief: The line of thinking here is, “This is just a fad, it’s not really going to help us, and we’ll go to a lot of trouble for nothing.”

At the end of the day, migrating a company’s IT infrastructure to the cloud is a major move that affects everyone, business owners and IT technicians alike. Therefore, both parties need to be on the same page about the cloud and have a clear understanding about what it can do, as well as why adopting it is in the best interest of the company.

Cenetric is here to help communicate the benefits of cloud computing to both parties. As a managed IT company and a small business, we’re in a unique position to speak to the needs and understand the pain points of business owners and IT departments alike. To have a relevant conversation about cloud computing that takes into account these two perspectives and more, give us a call at (913) 534-8655.

Even Homeland Security’s IT Is Preparing for a Security Storm

Just like any other high-profile entity, a government should place great emphasis on its IT infrastructure. The U.S. government is moving through 2015 with an increased awareness of the state of cybersecurity, and with all of the huge security breaches that happen almost regularly, it qualifies cyber threats as important as other national security threats.

Jeh C. Johnson, the Secretary of the U.S. Department of Homeland Security, admitted at the annual RSA Conference that he believes cybersecurity will take precedence in 2015, despite the apparent lack of talent which the agency currently has for it. He states that filling this deficit is going to be important going forward, and that cybersecurity will likely join the ranks of other threats to the safety of the American homeland.

Johnson made it evident that he has big plans for the government’s IT security infrastructure. He explained the function of the National Cybersecurity Communications Integration Center (NCCIC, or N-KICK). This agency is the first step toward creating a place where direct communication between the masses and Homeland Security can occur. Citizens can report threats directly to the center. In 2014 alone, there were around 97,000 instances of security problems from private sector firms, and this number is only going to increase as time goes on. The center has a team that works around the clock to respond and resolve issues as quickly as they can.

This shouldn’t come as any surprise, though, especially considering how technology has practically taken over society. The Internet of Things isn’t helping, either, which brings more connected devices into the mix. This, in turn, puts more networks at risk, and pushes for more stringent security precautions to be integrated. To make matters worse, hackers use more sophisticated and powerful techniques than they used to, like spear phishing. These attacks make it more difficult to see attacks for what they truly are, and have a way of slipping through even the most advanced defenses while remaining undetected. These social engineering threats trick people into giving away personal information, which is a clear distinction from the ordinary variety of hacks.

If the government is concerned over cybersecurity, then your business should also see it as a top priority and be prepared to handle any threat that shows its ugly mug to your network. With so many different kinds of threats out there, it can be difficult to consider solutions that protect you from it all.

This is why Cenetric offers our Unified Threat Management (UTM) solution to small and medium-sized businesses. It comes fully equipped with a firewall, antivirus, spam blocking, and content filtering solution, which will give your business enterprise-level security. Give us a call at (913) 534-8655 to learn more.

Alert: Critical Microsoft Office Flaw Patched

‘Tis the season for technology vulnerabilities and exploits. In addition to Sandworm and Cryptowall 2.0, another flaw has been found in Microsoft Office. This particular threat allows a hacker to gain control of a computer system, making it a dangerous and potentially threatening gamble for your business to ignore it. Thankfully, the issue has been patched, and the fix is now available to the public.

Microsoft issued a security advisory on October 21st stating that the vulnerability, which allows remote code execution, is found in all supported versions of Microsoft Windows, excluding Windows Server 2003. The threat is triggered by opening an infected Microsoft Office file which contains an OLE (Object Linking and Embedding) object. If the hacker is successful, they can potentially gain the same user rights as other users on the PC, making it a very dangerous vulnerability indeed. If hackers are able to access the system, they can delete data, install malware, or other malicious activity.

The patch for this vulnerability was issued earlier this November, so if you still haven’t patched your systems from this threat, it’s important that you do so as soon as possible.

Thankfully, the vulnerability requires security permission from whoever has the administrative privileges on your business’s PCs. This means that if you were to download an Office file from the web, a window will appear asking if you are sure you want to download it. An example of Object Linking and Embedding (OLE) is embedding an Excel spreadsheet in a Word document.

combining files

Officially, Microsoft says that any Office file utilizing an OLE object is vulnerable to being infected with this threat. Here are some tips you can use to protect yourself until you apply the security update.

  • Enable the Windows Consent Prompt: In the observed attacks, the User Control Account interface displays a window with a consent prompt. This appears depending on the privileges of the current user, before the file can be downloaded. Make sure that this feature is enabled, as it can prevent you from downloading infected files before it’s too late.
  • Enable fewer user rights on your systems: The hacker who infiltrates your system will gain the same usage rights as the currently logged-in user. This means that the more user rights they have, the more damage they can do. Either way, the average employee shouldn’t have administrative user rights, as it could lead to them performing unapproved tasks, like downloading unnecessary software and such.
  • Avoid email phishing attacks: In theory, a hacker could convince an unaware user to visit an infected web page which could contain a vulnerable office file. They will typically do this by using links in malicious emails. Keep an eye out for suspicious activity, and never click on a link unless you know where it goes.
  • Avoid downloading files from the Internet in general: Files from the web can contain any number of worms, viruses, malware, adware or other malicious entities you want nowhere near your network.

As always, it’s important that you apply the latest security updates as they are released. Cenetric can take care of this for you remotely and efficiently, so you don’t have to take the time to do so yourself.