The online shopping season is here! If your employee machines have an internet connection, chances are good that there is some online shopping/browsing running on your network. Have you taken steps to keep your network safe and running efficiently? Read on for our best-practice recommendations:
If your firewalls and/or access points have traffic shaping abilities, you can limit bandwidth to specific sites or categories, or block them entirely. You can also use full-featured network appliances (Meraki firewalls and access points) to look at traffic patterns over time.
In most SMB network design, whatever a single network user accidentally installs on their physical machine or network profile will soon spread to the server and other networked machines. It is important to make sure your network is secure and updated to limit vulnerabilities. Training staff on web safety is also paramount.
Admin Access – Periodically consider whether users with read/write access to files/folders/drives have the appropriate level of permissions.
Offsite Access – If a home user experiences a browser hijack and mistakenly calls the “Microsoft” phone number in the pop-up message, will they place your company files at risk? Make sure your home users are using secure remote desktop protocol/VPN to access files, and make sure users log out when their connection is not in use. A reminder to make sure that your server connection/remote desktop protocol should not be wide-open to the outside world!
Web Browsing on Server Connection – For many of our Hosted Cloud Application users, we recommend limiting your web browsing and online shopping to your physical machine. Performing these activities while logged in to your Citrix Hosted Desktop places your server and company files at risk.
Fake Update Notifications – Some ransomware has recently entered computers and networks via fake update notifications. When you enter an untrustworthy website, a pop-up window might notify you to download Adobe Flash or another third-party application. This update notification might be fake and if so, will download ransomware or a virus onto your machine. (Fake updates may have bad grammar or spelling, weird icons, etc.) It can take a close eye to see the differences. When in doubt, go straight to the vendor website to get your Flash or Java update.
Fake Microsoft or Internet Warnings – Train users to use task manager or force quit to exit a hijacked browser. Stress that users should not interact with the warnings – no clicking and no calling! Tell them exactly who they should contact in case of an IT emergency, and remind them to never call a number on their computer that offers to help. (And definitely don’t give them credit card information!) Also, if you do work with an IT company, make sure you know what methods they will use to remote-control your machine so you are not confused by a phishing call asking for computer access.
As a general rule, Microsoft, your Internet provider and the IRS do not place phone calls to end-users. You should be skeptical if you receive a call from someone reporting an issue and offering to remote into your computer and help.
Read Buttons Carefully – often when we go to a website for a specific task, confusing advertisements can get in our way. Make sure you read buttons and text carefully; fake download buttons and click to purchase buttons can lead to other places. A trick to try is to hover over the questionable button or link. In the bottom of your browser, you will see a preview of the URL the button links to. If the link doesn’t make sense or doesn’t match your destination, check the website again to see if the button and the entire site are valid. When in doubt, get out! Don’t click any buttons and just close that tab.
Protect Personal Information:
Wi-Fi Hotspots – Unsecured wi-fi networks are a great way to unknowingly share your credit card and other personal information. Connect only to secure, known networks when sharing sensitive data. Consider turning off your wi-fi when out and about to eliminate the possibility of automatically connecting to an unsecured network.
Shopper Tracking – Some stores use the wireless and bluetooth information from your phone to track your shopping habits. To opt out of these tracking activities, turn off both your wireless and bluetooth when not in use.
Credit Card Safety– When shopping online, check to make sure you are on a secure check-out page before entering credit card information. A secure screen will have https:// in the address bar instead of http://. It will also have a padlock icon in the address bar.
What To Do If Compromised:
If you experience warnings and pop-ups while browsing online, you may just have a browser hijack, or may have installed an unwanted extension or add-on. Try force-quitting your open browser, by using task manager (ctrl + alt + delete) on a Windows machine or Force Quit (under the Apple menu) on a Mac. Trying to close the window by clicking on it, or clicking on attached links, can cause additional issues; use the task manager or force quit options. If you reopen your browser and the message is gone, then double-check your browser settings (check the open new tab page, homepage, installed extensions, search bar, etc.)
If the change you notice is not browser related, but is instead file names changing extensions, a text file warning you that your machine is encrypted, or warnings from your antivirus software, you may have installed a virus or ransomware. If you think you have a virus or ransomware, it is best to get the machine offline and contact ITS. If you are connected to a Cloud Server (citrix), disconnect and then shut down your local machine.
ITS can take steps to limit spread to your server and other machines.
We never recommend paying the ransom; your best chance at recovery is to restore your files from backup. Make sure you are checking your backup completion emails, to see if they are successful and to make sure the correct files are included in the backup set.