Website Attacks: How You Can Protect Your Organization

Computer and programming codes secured against website attacks

Malicious files and links regularly bypass security products, leaving many organizations vulnerable to web-based attacks including Ransomware, Phishing and data breaches like Emotet, Dridex, Maze, Lokibot, Wannacry etc. Organizations can enhance security against website attacks by following cyber security best practices like the implementation of a multi-layered security concept known as Defense-in-Depth.

Following the recommendations of the Cybersecurity and Information Security Agency (CISA) encouraging website administrators to review it’s updated “Tip on Website Security”, we are using this article as a public service educational piece with the hope that it will help those who manage websites for small organizations to take the necessary steps to protect against website attacks.

What is website security?

Website security refers to the protection of personal and organizational public-facing websites from cyber attacks.

Why should I care about website security?

Cyber attacks against public-facing websites—regardless of size—are common and may result in:

  • Website defacement,
  • Loss of website availability or denial-of-service (DoS) condition,
  • Compromise of sensitive customer or organizational data,
  • An attacker taking control of the affected website, or
  • Use of website as a staging point for watering hole attacks.

These threats affect all aspects of information security—confidentiality, integrity, and availability—and can gravely damage the reputation of the website and its owner. (more…)

Share

Comments Off on Website Attacks: How You Can Protect Your Organization

The Challenges of Data Leakage Prevention for Small Businesses

Hard drive with technicians trying to stop data leakage

With the rapid advances in technology and the attendant interconnected nature of computer systems, many business owners are becoming increasingly aware of the dire need to control the flow of information into, through and out of their enterprises, and challenges of trying to prevent data leakage.

For years, the focus of the business owner was on how to stop viruses, spam, network intrusions etc. Now the new threat is massive data leakage. This new threat affects all kinds of businesses large and small. According to a recent International Data Corporation (IDC) report, over 80 percent of respondents to a survey acknowledged that the fear of data loss and leakage was one of the biggest challenges facing their establishments. Of these, over 50 percent admitted that they were already victims of data leakage incidents. (more…)

Share

Comments Off on The Challenges of Data Leakage Prevention for Small Businesses

The Business Case for EndPoint Security in Small Organizations

According to BAE Systems, almost 50 percent of small businesses have experienced a cyber attack, and as much as 60 percent of hacked small- and medium-sized businesses go out of business after six months. By deploying endpoint security solutions, most cyber attack attempts can be prevented.

Devices and services protected by endpoint security solutions

Faced with limited IT personnel and budget, small business environment usually end up with non-standard computer configurations, inadequate or non-existent security policies, old equipment etc.

The impact of the failure of an endpoint on business processes can be a little scary sometimes. A good example is a call I got from a friend the other day. The boss’s computer had a couple of viruses and they had to disconnect the computer from the network.

Of course that meant business had to come to a halt because everything was on the boss’s computer. There were no anti-virus software on any of the workstations and of course no firewall of any kind, so it was free for all. (more…)

Share

Comments Off on The Business Case for EndPoint Security in Small Organizations

Web Browser Extensions Caught Spying On Chrome and Firefox Users

Representation of data transfer due to web browser extension spying.

Not too long ago, we warned users about why some online ads they see seem to be precisely targeted to their tastes and interests, including the spooky tendencies of websites remembering browsing and shopping preferences from visit to visit or device to device. It turns out that Avast and its recently acquired AVG, have been doing a lot of background spying and data pilfering through their “free” web browser plugins.

Data pilfering is widespread and very profitable, and data thieves seem to have no problem getting willing “victims” counting the number of people using “free” products that come with all kinds of terms and conditions. So much so that some even boast of the ability to provide “[I]ncredibly detailed clickstream data from 100 million global online shoppers and 20 million global app users” that advertisers can analyze “…however you want: track what users searched for, how they interacted with a particular brand or product, and what they bought. Look into any category, country, or domain.”

All from a user looking for a solution to protect them from online threats and installing a web browser extension that is supposed to protect them from such invasion of privacy.

As reported by the creator of Adblock Plus, Wladimir Palant, Avast has been spying on the users of their antivirus products, and appears to have been doing so for years, through their Avast Online Security web browser extension which is promoted as having the ability to provide “maximum protection” from spyware and other online dangers.

The sad fact is that sometimes, users are not even aware that they have the extension because the Avast Secure Browser has Avast Online Security installed by default and is hidden from the extension listing and cannot be uninstalled by regular means. (more…)

Share

Comments Off on Web Browser Extensions Caught Spying On Chrome and Firefox Users

Protect Your Business From Dangerous Cryptomining Activities

Why Small Organizations Should Be Worried About Illicit Cryptomining Activities

cryptomining activity

There is a scourge currently targeting small businesses and organizations and many are not even aware of it because it does not do anything sensational meant to cause harm. It does not install a virus, send phishing emails, or attempt to kidnap business data for ransom. That scourge is cryptocurrency mining, or simply cryptomining.

What is cryptocurrency?

Cryptocurrency is a form of digital currency that can be used in exchange for goods, services, and even real money, similar to other currencies. However, unlike other currencies, cryptocurrency operates independently of a central bank and uses encryption techniques and blockchain technology to secure and verify transactions.

To quote Malwarebytes, “Two words—“cryptography” and “currency”—combine to form “cryptocurrency,” which is electronic money, based on the principles of complex mathematical encryption. All cryptocurrencies exist as encrypted decentralized monetary units, freely transferable between network participants.” Or put more simply, cryptocurrency is electricity converted into lines of code, which have a real monetary value.  (See a detailed article by Malwarebytes on this topic here).

While Cryptocurrency may be in its infancy, its popularity continues to increase, some would say, exponentially. You may have heard of terms like Bitcoin, Litecoin, Monero, Ethereum, Ripple etc. These are just a few types of the cryptocurrencies currently available. (more…)

Share

Comments Off on Protect Your Business From Dangerous Cryptomining Activities

How To Protect Online Data Privacy Using Enhanced Tools

Mobile device showing the various tools of data privacy attacks

In the first place, and speaking of data privacy, have you ever wondered why some online ads you see are targeted to your tastes and interests? Or how websites remember your preferences from visit-to-visit or device-to-device?

The answer may be in the “web tracking cookies” installed on your computer when you visit a website, and other online tracking methods like:

  • Device fingerprinting where information is collected about your device for the purpose of identification,
  • Cross-device tracking technology which enables the tracking of users across multiple devices such as smartphones, television sets, smart TVs, and personal computer, and
  • Cross-site tracking where companies collect data on where you’ve been and what you’ve done across multiple websites.

What is a web tracker?

A web tracker is a small computer program (called script) placed by a website on your computer and is designed to collect information about your preferences and who you are as you interact with the site. Sometimes this script is placed purposefully by the website you’re on, other times a script may be from a website you’ve never visited. (more…)

Share

Comments Off on How To Protect Online Data Privacy Using Enhanced Tools