'Malware': what it is and how to protect yourself from it

There's more than just 'computer viruses' to think about these days.  While you are probably most familiar with the term 'virus', things have gotten a lot more sophisticated since the term was first coined in the 1990's to describe any kind of malicious software attack. The virus is now just one form of 'malware' (short for malicious software). Virusesworms, spyware, ransomware, keyloggers, trojan horses, adware... etc etc. are all forms of malware.  

Malware can crash your system and corrupt your entire data history. 'Cryptolocker' is an example of ransomware currently doing the rounds; it does exactly as its name suggests – it is usually an email that has a malicious attachment. When the attachment is opened it locks all your files until you pay a 'ransom' to get it back. Sounds like a movie plot but this is actually happening locally! Basic ransomware locks you out of your computer until you pay a ransom to get it unlocked (or refuse and lose your data). More advanced types of ransomware encrypt the files so that they cannot be read until the encryption key is provided. Other types of cyber attack use multiple computers to bombard your business's server with thousands of requests, essentially overloading then crashing it so that its real function cannot be carried out.    

How do they 'get' you? 'Phishing' is a common strategy for hackers. Using this method a hacker sends out an email that is either addressed to you by name or contains something that your internet browsing history indicates you are interested in. Once you open the attachment or click on the link in the email you run the malware. Not sure how they get details such as your name or browsing preferences? Every time you enter your details for an online competition, download an 'app', or go to a website you are making that information available.  Phishing can also be carried out through Facebook - so be very wary about what you open there too.  

A recent study showed that despite knowing the risks associated with clicking on links and opening attachments from unknown senders, a LOT of people still do it. Apparently this lack of caution is driven mostly by curiosity... (You can read about the study and the results here.) 

These attacks are not personally targeted – they merely find and exploit weaknesses in your internet/cyber security.  The internet provides an impersonal pathway for criminals and malicious individuals to attack you for financial gain (or in some cases just for the kick of it). Due to the impersonal and unregulated nature of the internet it's also impossible to catch and punish the people responsible. These guys (and girls) demand THOUSANDS from their victims to get business files unlocked and it can also mean days spent repairing totally corrupted systems. It's no fun and its extremely expensive! Not to mention that the loss of irreplaceable data such as sales, quotes, customer info, manuscripts, records, financials, and key documents can be devastating. 

Here are five things you can do to help protect yourself or business:

1. If you get an email from a sender that you don't know, do not open the attachmentsthat come with it (especially .zip attachments)  – even if it’s personally addressed to you!  The attachment may actually be a malware installer. Once its opened the proverbial 'cat' is out of the bag. Put it aside and contact Ohnyx who will assess its legitimacy for you. (There is a link to another article here where Jono answers some questions on this issue in a bit more detail.)

2. If you get an email from a sender that you don't know do not click on any links in the email. Like attachments, the link may actually be a malware installer. Once its opened the game's up. Put it aside and contact Ohnyx who will assess its legitimacy for you.  

3. If you get an email from a sender you recognise (such as your bank, ebay, amazon etc.) but they are asking you to confirm details such as passwords and pins, bank accounts, or credit card numbers be very wary. Do not provide any details  in response to requests via email. Look-alike emails, and emails that look legitimate because they are addressed to you is a common method for duping unsuspecting people into giving away their passwords (and money!) This is phishing! 

4. Put proactive cyber-security steps in place. Often, malicious content can be detected and prevented from even getting to you or your staff's inboxes by the having the right set-up and anti-malware. Also make sure to allow the updates of your Microsoft packages to run – often theses are 'fixes' of newly identified 'gaps' that cyber attackers use to evade the security measures built into your computer's software. 

5. Never plug in USBs / data sticks that you find – finding a USB in the carpark and taking into the office to 'see if you can figure out who it belongs to' is a huge no-no and often the means for the introduction of malware into computer networks. Don't take USBs from home to the office either.

That's really all we have room for here – If you think you, or your team, would benefit from learning more on cyber security we would be happy to come to your workplace and do a (free) morning-tea session on this topic.