Oh what a tangled Web We Weave (WWW)!
This Saturday marks the twenty-third anniversary of the World Wide Web, the day the platform was released to the public, connecting one and all. Not to be confused with the Internet that powers it, the Web was invented by a British computer scientist at the European Organization for Nuclear Research (CERN), Sir Tim Berners-Lee, in 1989. Four years prior to its April 30, 1993 date of birth, the Web served as a collaborative tool for Berners-Lee and other academics and scientists. Fast forward two decades, and the digital landscape has evolved into an increasingly interconnected arena for sharing ideas and culture.
With the explosion of data and number of connected devices storing and transmitting it, the Web isn't all fun and games. And, as history teaches us, if your clients aren't careful, they could find themselves helpless, unsuspecting house flies ensnared in the wicked tapestry of some hacker's malicious scheme.
From Netscape, Opera and Internet Explorer to Safari, Firefox and Chrome, the Web has certainly evolved over the years in terms of browser design, functionality and overall sophistication. The same can be said for OSs - one need only compare the memorable features, games and visuals of the groundbreaking Windows 95 to those of the new Windows 10 to appreciate the advancement of the computing experience.
Similarly, navigating the cyber landmines of early-2000s malware like ILOVEYOU, Code Red and Conficker seems a lot easier in retrospect than the super difficult level of Minesweeper we're currently faced with online. As we explain in Cybersecurity Tips for Employees: The Complete Guide to Secure Behavior Online and in the Office, threats to your clients' data are growing in complexity, frequency and means of attack.
In our new eBook, we cover the various information security topics you need to educate clients on, including:
- Physical security precautions
- Email threats
- Username and password management
- Mobile security
- Secure website browsing
The birth of the Web has brought with it three particularly noteworthy cyber threats responsible for jeopardizing the security of small- and medium-sized businesses' (SMBs) browsing activity: malvertising, social media scams and web-based exploits. Have you taken the time to teach users the nature of each and how to prevent data compromise?
1. Malvertising
As defined by Malwarebytes, malvertising is "a form of malicious code that distributes malware through online advertising." These ads can live on any website, not just shadydarkwebdomain.com. Like most cyber attacks, malvertising involves social engineering tactics designed to trick users into clicking a seemingly harmless and legitimate pop-up. While you may know better, your clients may not necessarily be distrustful of that desktop notification that warns them their antivirus is out of date and they need to upgrade, or that message claiming their device has been infected and they must download software to correct for it. By that point, it's too late. Your users have already installed the malware, giving attackers access and all the power to extort you with ransomware. Don't let hindsight be 20/20. You can take action now by explaining to clients exactly what they're dealing with and help prevent the spread of malware and other cyber threats. Malvertisements are especially easy to deploy and get away with, so it's not surprising they're a popular threat vector among cybercriminals. Since malvertisements and malware are likely to keep littering the Web, the time to have this conversation is now.
2. Social Media Scams
The most troublesome forms of cybercrime are almost always the most subtle. Consider the degree of importance a social media account holds for people. For many, their Facebook and/or Twitter profiles are extensions of themselves, their online identities. Think about your newsfeed and how many unfiltered moments you read on any given day. What's on Johnny's mind? How about his unadulterated hatred for his boss who made him work late again? What song lyrics remind Brad and Jennifer of their terrible relationship that they're #blessed to be rid of? Face(book) it. Despite it being horribly inappropriate (in the case of job-related negativity) or just TMI (in the case of the former, fictional love birds), people sometimes use social messaging as a sort of online diary, allowing themselves to be vulnerable under the guise of a secure network.
It's when they're at ease, and as trusting as a lamb that lies with a lion, that attackers like their prey the most. These cybercriminals want your clients to let their guard down and succumb to absentminded behavior beyond venting, like clicking a phishing link in a direct message or authorizing a rogue application. You may have heard of the highly resilient Koobface worm, which, once executed, steals personally identifiable information (PII) and can even infect an entire network should the attacker establish a botnet. Bet knowing this will make your clients think twice about playing Candy Crush or any other wildly popular - and therefore, highly attractive to target - social game!
3. Web-Based Exploits
You know how people warn you that not getting enough sleep or fluids will weaken your immune system? After a week of doing nothing to improve your health, you find yourself anchored to a tissue box and watching your intake of cough drops (Luden's of course) so as not to upset your already questionable stomach. It works the same way with Web-based exploits. According to Heimdal Security, in approximately 70 percent of these attacks, the direct target was a pre-existing vulnerability on the victim's computer. True to the threat's name, attackers exploit software vulnerabilities present in Oracle Java and Adobe products, so these applications, as well as the browsers they run on, must always be kept up-to-date and patched. Otherwise devices won't be at their healthiest and will have difficulty warding off infections like the notorious ransomware TeslaCrypt. When was the last time your clients or prospective clients updated their OS? Are they still running on Windows XP, even after Microsoft EOL'd it? Do they know how often Microsoft releases security patches, indicating a previously undetected vulnerability that needs to be managed?
In the children's classic, Charlotte's Web, the spider for whom the storybook is named spins pleasant, inviting messages into her impressive web. While yes, these messages are meant to stop Wilbur from becoming the bacon Templeton (the original pizza rat) scarfs down in one of his late night binges, they still captivate all who witness them, drawing the town and indeed the reader in.
Ever since its birth in 1993, the World Wide Web has become a staple in our daily lives, both personally and professionally. Although it's revolutionized the way we communicate and share information today, the Web has also become a breeding ground for illegally obtaining this data. Are your clients prepared to deal with it or could they be walking through spider webs and not even know they've been hit with a bug?
In the end, it is your responsibility as their strategic advisor to urge clients to adopt the following secure habits when it comes to browsing the Web:
- Be conservative with online downloads.
- Beware antivirus scams.
- Interact only with well-known, reputable websites.
- Confirm each site is the genuine site and not a fraudulent site.
- Determine if the site utilizes SSL (Secure Sockets Layer), a security technology for establishing encrypted links between Web servers and browsers.
- Don’t click links in emails—go to sites directly.
- Use social media best practices.