Your Users Click Bad Links

Back in 2013, the IT industry started having “fun” with the newly released malware, Cryptolocker. Unlike previous malware programs or viruses, Cryptolocker took good data, encrypted it making it unusable, and held it hostage until you paid the author of the malware to unencrypt it.

At the time Cryptolocker was forwarded mostly from an email attachment that users would open and run. While this was not a new way for a virus or malware program to spread, Cryptolocker arguably had more devastating effects on businesses than attacks of the past. As such many IT firms, and administrators took action to block many email attachments, as well as educating their users.

Our efforts seem to have paid off!

Cybersecurity firm Proofpoint reports that in Q2 2019, a whopping 85% of malicious emails did not contain an attachment. This is likely a result of the efforts of the IT community over the last few years, along with so many users being burned by opening something they shouldn’t have.

But before you celebrate too much, keep in mind there are still a plethora of emails aimed at attacking your business and wrecking your data.

Remember the 85% of the malicious emails that didn’t contain an attachment that we talked about earlier? Those emails all had one thing in common: they contained links to malicious file downloads. This means that while our users may be doing a better job not opening file attachments when they shouldn’t, they are doing worse at not clicking links when they shouldn’t.

What can you do to protect your company and your users from the damages of clicking bad links in emails?

Firstly, you have to remember there is no silver bullet single solution to a problem like this. Your company security should be structured like an onion, layer after layer. The idea is, if an attack can make it past one layer of security, there are more layers behind ready to stop it. Below are my top 5 suggestions for key security layers that should help your firm protect against users accidentally clicking the wrong link!

  1. User training – This is number 1 on my list for a reason, it is the most critical part of any security plan, and often the most overlooked. After all, at the end of the day links inside of emails do not click themselves. The most sophisticated security setup in the world does little good if someone inside lets the bad guys in.
  2. DNS Filtering – Most links take users to a domain name, rather than an IP address. This means that after the link is clicked, the user’s computer has to connect to a DNS server to look up the appropriate address of where to connect. Using a service such as Cisco Umbrella (formerly known as OpenDNS) filters out the bad DNS names, and stops the users from connecting after they clicked the link.
  3. Firewall Content Filtering – Depending on your firewall’s ability, this could serve to both filter DNS related items like our #2 recommendation above, and it could read the data as it comes through and filter out what it sees to be as bad.
  4. Antivirus – Antivirus is still a critical part of any security plan and should not be overlooked. It is critical to realize, however, that Antivirus is reactive in that its job is to stop threats after they are already on the user’s machine. Items #1-3 on this list are proactive, in that they stop the threats prior to getting to the user’s machine.
  5. Patching – Even though this is last on this list, it is still a very critical part of any good security plan that should not be overlooked. Once a security patch is released for Windows or 3rd party application, the bad guys are able to look at that patch, see what the security flaw was, and then write malware that takes advantage of unpatched computers.

We deal with security every day at Sikich and would be happy to help your firm with implementing a security plan. Contact us today!

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

About the Author