October 26, 2016
We live in a business world where more and more employees work remotely. From a business perspective, hiring around the globe lets a company tap into more talent. However, remote workers also introduce IT security risks.
There are a few basic tactics that can be considered and implemented at little or no additional cost.
What does this mean in practice? It depends on your situation, but there are many generic choices applicable to most of us.
Start with avoiding the top 4 cyberattack vectors:
By avoiding or limiting these 4 cyberattack vectors, you will most likely prevent the overwhelming majority (the estimate used here is 99.9%) of attacks against startups, small and even medium-sized businesses, and against you personally.
Amazon reportedly asked every employee to remove any antivirus software installed on their computer. Why? Recently, antivirus engines have been easier to compromise than the systems they protect: they parse untrusted files with high privileges, so a bug in the engine itself arguably puts antivirus users at more risk than running without it.
Let’s start with the most critical piece of software: the web browser.
I cannot stress enough that you should avoid Internet Explorer, Edge and Safari; use them only where legacy requirements make them necessary.
I recommend using the Chrome browser instead. Why? Chrome is built by a team that cares greatly about security and about minimizing its attack surface. That is not to say it is perfect, but, in my opinion, it is more secure than the browsers mentioned above.
Chrome has offered click-to-play for Flash for much longer than any other browser, a feature you must make sure is enabled. Click-to-play prevents hidden Flash content from running automatically; only the Flash you can see and click on runs. Flash is cycling out of the internet anyway, and fewer and fewer websites require it to work properly.
To make sure this feature is on, go to Chrome settings –> Show Advanced Settings –> Content Settings –> under Plug-ins, select “Let me choose when to run plug-in content”. On managed machines the same setting can be enforced for everyone with the Chrome policy DefaultPluginsSetting set to 3 (click to play), so a remote worker cannot quietly switch it back.
In addition, Chrome renders PDFs in a sandboxed process of its own with limited access to your system. This is a great default feature and no action is required to benefit from it.
Now that we’ve limited our exposure through the browser, we can get back to discussing how to handle documents safely.
Documents are the attack vector of choice for commodity malware because exploitation through documents is cheaper and easier to develop than most other exploits, and often no exploit is needed at all: a macro the victim is talked into enabling does the job. They are also used in targeted attacks.
How can anyone prevent or avoid document attacks? The logic is not to open the document, or in certain cases not even to preview it. However, on its own this is not a very practical solution.
Before opening a document, assess whether it is actually something for you, from someone you know, that you were expecting. It’s far from a perfect solution, but it will block a good share of incoming attacks.
You received an invoice via email: is it really an invoice you were expecting? If not, treat it as a document that likely carries an exploit or a malicious macro. Simply delete the email; don’t open the attachment. You can even tag it as spam or phishing in Gmail.
A simple and easy way to avoid document exploits is to let Google Docs open the file for you.
This is a strong protection mechanism because the file is parsed and converted on Google’s servers, not by the Office or PDF software on your machine: an exploit aimed at your local reader never runs there, and macros and other embedded active content are not executed in the converted copy. Google also scans uploads for known malware. If the conversion fails, that can itself be a sign of an exploitation attempt.
In theory, Microsoft OneDrive with Office Online gives the same result.
We lose some privacy by opening documents through Google or Microsoft, but most day-to-day files are not that sensitive, and keeping your computer and phone clean matters more. Genuinely confidential files deserve a separate, more careful path.
Another recommendation is to avoid Adobe Flash on your computer: simply don’t install it, or uninstall it. If you really need Flash, Chrome bundles its own copy and runs it inside its sandbox, which is safer than a system-wide install that every application can load.
Adobe Reader and Preview on the Mac are also frequent attack vectors. Choose other software to read your PDFs, arguably less secure but less targeted, and remember that you can safely read PDFs in your Google Drive.
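As an added example (not code from the original post), here is a small Python triage script that mechanises the “is this document really for me” check for the two families discussed above, Office files and PDFs. It refuses Office files that carry macros, embedded OLE objects, ActiveX or Flash, and PDFs with auto-run actions or JavaScript, before anyone opens them in Word, Adobe Reader or Preview; anything it cannot classify is refused too. The function names, the list of risky PDF names and the sample attachments are constructed for this example.

```python
"""Attachment triage before local opening: added example, not code from the
original post. Flags the Office and PDF features that exploit and macro
malware depend on, so a surprise "invoice" is refused or sent to a cloud
converter instead of being opened in Word, Adobe Reader or Preview.
The sample files below are constructed for the example (no real malware).
"""
import io
import os
import re
import zipfile
from typing import Dict, List

# Extensions Office treats as macro-enabled: a finding on their own.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppsm"}
# PDF names that make a reader run code or open something as soon as the file loads.
PDF_RISKY_NAMES = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
                   b"/EmbeddedFile", b"/RichMedia"]


def triage_ooxml(data: bytes) -> List[str]:
    """Findings for an OOXML container (.docx/.xlsx/.pptx): inspect the zip member list."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["not a valid OOXML zip container"]
    findings = []
    for name in names:
        low = name.lower()
        if low.endswith("vbaproject.bin"):
            findings.append(f"VBA macro project: {name}")
        elif "/embeddings/" in low:
            findings.append(f"embedded OLE object: {name}")
        elif "/activex/" in low:
            findings.append(f"ActiveX control: {name}")
        elif low.endswith(".swf"):
            findings.append(f"embedded Flash: {name}")
    return findings


def triage_pdf(data: bytes) -> List[str]:
    """Findings for a PDF: a plain scan of name objects after undoing #xx hex escapes."""
    if not data.startswith(b"%PDF"):
        return ["missing %PDF header"]
    # Droppers hide /JavaScript as /J#61vaScript; the PDF syntax allows that escape, so undo it.
    normalized = re.sub(rb"#([0-9A-Fa-f]{2})",
                        lambda m: bytes([int(m.group(1), 16)]), data)
    findings = []
    for name in PDF_RISKY_NAMES:
        # Whole-name match only, so /JS does not fire on /JSx or on /JavaScript.
        if re.search(re.escape(name) + rb"(?![A-Za-z])", normalized):
            findings.append(f"PDF name {name.decode()}")
    if b"/ObjStm" in normalized:
        # Dictionaries inside compressed object streams are invisible to this scan.
        findings.append("compressed object streams present; name scan is incomplete")
    return findings


def triage(filename: str, data: bytes) -> Dict[str, object]:
    """Decide whether an attachment may be opened locally; anything unknown is refused."""
    ext = os.path.splitext(filename)[1].lower()
    findings = []
    if ext in MACRO_EXTENSIONS:
        findings.append(f"macro-enabled extension {ext}")
    if data.startswith(b"PK\x03\x04"):
        findings += triage_ooxml(data)
    elif data.startswith(b"%PDF"):
        findings += triage_pdf(data)
    elif data.startswith(b"\xd0\xcf\x11\xe0"):
        findings.append("legacy OLE2 binary Office file (.doc/.xls/.ppt); convert in the cloud instead")
    else:
        findings.append("unrecognised container; do not open locally")
    return {"file": filename, "open_locally": not findings, "findings": findings}


def build_samples() -> Dict[str, bytes]:
    """Constructed sample attachments covering each branch (not real malware)."""
    def ooxml(extra_members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("[Content_Types].xml", "<Types/>")
            zf.writestr("word/document.xml", "<w:document/>")
            for member in extra_members:
                zf.writestr(member, b"\x00")
        return buf.getvalue()

    return {
        "invoice.docx": ooxml([]),
        "invoice.docm": ooxml(["word/vbaProject.bin"]),
        "report.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n",
        # Auto-run action plus a hex-escaped JavaScript name, as droppers commonly do.
        "invoice.pdf": (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
                        b"2 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n%%EOF\n"),
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        result = triage(name, blob)
        verdict = "OK to open" if result["open_locally"] else "REFUSE"
        print(f"{name:14} {verdict:11} {'; '.join(result['findings'])}")
```

A clean result is a first-pass filter, not proof of safety: PDF dictionaries can sit inside compressed object streams (the script flags that case as incomplete), and a plain .docx can still carry an exploit against the parser itself. Anything the script refuses, and anything you were not expecting, goes to Google Docs or OneDrive for conversion rather than to a local reader.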
Antivirus or not, sandboxing or not, these techniques will keep you safe from many attacks. They have worked for me for several years, keeping the number of successful attacks to a minimum. In a following post, we will discuss how to detect the attacks that do make it through.