Back in 2013, the IT industry started having “fun” with the newly released malware, Cryptolocker. Unlike previous malware programs or viruses, Cryptolocker took good data, encrypted it making it unusable, and held it hostage until you paid the author of the malware to unencrypt it.
At the time Cryptolocker was forwarded mostly from an email attachment that users would open and run. While this was not a new way for a virus or malware program to spread, Cryptolocker arguably had more devastating effects on businesses than attacks of the past. As such many IT firms, and administrators took action to block many email attachments, as well as educating their users.
Our efforts seem to have paid off!
Cybersecurity firm Proofpoint reports that in Q2 2019, a whopping 85% of malicious emails did not contain an attachment. This is likely a result of the efforts of the IT community over the last few years, along with so many users being burned by opening something they shouldn’t have.
But before you celebrate too much, keep in mind there are still a plethora of emails aimed at attacking your business and wrecking your data.
Remember the 85% of the malicious emails that didn’t contain an attachment that we talked about earlier? Those emails all had one thing in common: they contained links to malicious file downloads. This means that while our users may be doing a better job not opening file attachments when they shouldn’t, they are doing worse at not clicking links when they shouldn’t.
What can you do to protect your company and your users from the damages of clicking bad links in emails?
Firstly, you have to remember there is no silver bullet single solution to a problem like this. Your company security should be structured like an onion, layer after layer. The idea is, if an attack can make it past one layer of security, there are more layers behind ready to stop it. Below are my top 5 suggestions for key security layers that should help your firm protect against users accidentally clicking the wrong link!
We deal with security every day at Sikich and would be happy to help your firm with implementing a security plan. Contact us today!
This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.