In the wake of last week’s attacks, new facts are still surfacing about WannaCry ransomware. The ransomware leverages a known vulnerability called EternalBlue that is widespread in older Windows operating systems and was patched in a security update Microsoft released in early March. This vulnerability allows the malware to travel from system to system, which makes systems that were left unpatched easy to attack with just one malicious email.
‘We cannot overstate the importance of vigilance when it comes to email and email attachments,’ Jonathan Tanner explained in a recent Barracuda blog post. ‘Email is the primary method of attack for almost everything.’ In the case of this attack, all it took was one individual to open the attachment to infect the entire network.
Protecting yourself as an SME
SMEs are all too often seen as low-hanging fruit by cybercriminals, but there is plenty you can do to ensure the security of your data. You need to take a multi-layered approach when it comes to securing your networks, and educate your employees about email security best practices. Here are the things you need to know:
How to identify a phishing attack
- Most phishing emails will ask for personal information, such as passwords, payroll or other sensitive items. Spear phishing emails go one step further by appearing to be from a trusted high-ranking individual within the organisation.
- Look for spelling errors or a sender or URL that is a few letters off. Most phishing emails have slight spelling errors and often seem to come from individuals you might know—at least at first glance. For example, you may have a PayPal account, but the sender might really be Paypol.com, preying on users that miss the ‘o’ in place of the ‘a’.
- Proper banners and graphics are common in phishing emails; however, sometimes they are one or two shades off. They can look quite convincing and often trick users into clicking because the email appears to come from a trusted source. Alert your employees to this and drive home the message: ‘if in doubt, check!’
- A hyperlink that changes destination, or extra words before the forward slash. Phishing emails often contain hidden links: the link will appear to take you to paypal.com, but if you hover over it before you click you will see that it really goes to hackerslifeforme.com (or another suspicious address). Another trick hackers use is adding periods or dashes before the forward slash. For example, paypal.com.reset-password/ goes to a different domain from PayPal.
Email security best practices
- Call before you send! If you think the CEO is looking for sensitive employee W-2 information over email, pick up the phone and double check before you send anything.
- Think before you click! Take the time to look at the details before you click on a link in an email. Watch out for any hyperlinks that are going to another destination, and pay attention to where the forward slash is in the link. If it’s not right after the .com, the link might be sending you to the wrong location.
- Don’t open attachments from senders you don’t know! If you don’t know the sender or an email seems suspicious, don’t open its attachment. It could contain malicious code or take you to a malicious site.
- Take a multi-layered security approach and ensure proper precautions are taken when suspicious emails land in your inbox. It might seem like a chore, but it will save time, money and aggravation down the road.
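As an added illustration of the hidden-link, forward-slash and lookalike-domain checks described in the two lists above (example code, not from the article or from Barracuda): a small Python checker that compares what a link shows with where it actually goes. The brand allow-list, the similarity threshold and the two-label domain rule are assumptions made for the example.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allow-list of brands this organisation expects mail links to reach (an assumption).
KNOWN_DOMAINS = {"paypal.com"}
DOMAIN_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname, e.g. 'paypal.com'. Assumes a one-label
    public suffix such as .com; a real gateway would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def host_of(url: str) -> str:
    """Hostname of a URL, tolerating a missing scheme (e.g. 'paypal.com/login')."""
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()


def check_link(display_text: str, href: str, known=KNOWN_DOMAINS) -> list:
    """Return the red flags for one email hyperlink; an empty list means none found."""
    flags = []
    host = host_of(href)
    actual = registrable_domain(host)
    # 1. The visible text names a domain, but the link really goes somewhere else.
    shown = DOMAIN_RE.search(display_text)
    if shown and registrable_domain(shown.group(0)) != actual:
        flags.append(f"text shows {registrable_domain(shown.group(0))} but link goes to {actual}")
    # 2. A trusted brand appears only to the left of the real domain, as in
    #    paypal.com.reset-password/ where the registrable domain is com.reset-password.
    for brand in known:
        if actual != brand and brand.split(".")[0] in host.split(".")[:-2]:
            flags.append(f"{brand} is a subdomain label of the real domain {actual}")
    # 3. Lookalike domain: a few letters off a trusted brand, e.g. paypol.com (threshold is a guess).
    for brand in known:
        if actual != brand and SequenceMatcher(None, actual, brand).ratio() >= 0.85:
            flags.append(f"{actual} looks like {brand}")
    return flags


if __name__ == "__main__":
    # Constructed samples mirroring the tricks described in the article.
    for text, href in [
        ("paypal.com", "https://paypal.com/login"),
        ("paypal.com", "https://hackerslifeforme.com/login"),
        ("Reset your password", "http://paypal.com.reset-password/"),
        ("Log in to PayPal", "https://www.paypol.com/signin"),
    ]:
        print(f"{text!r} -> {href}: {check_link(text, href) or 'no red flags'}")
```

Hovering over a link and reading the address is what the checker automates; it is a heuristic to support the ‘if in doubt, check!’ habit, not a replacement for a mail-filtering product.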
Jason Howells is EMEA director, Intronis MSP Solutions by Barracuda