How to protect your website from security threats and attacks.

Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.

Accessed on 22 March 2022, 2031 UTC.

Content provided by “PC Magazine,”

Source:

https://mail.google.com/mail/u/0/#inbox/FMfcgzGmvfRcmMdXVXgLBCnRzlWbZvrN

Please click link or scroll down to read your selections.

 

Trouble viewing this email? View in a browser
 
 
PCMag SecurityWatch
 
How to Prepare Your Business for a Cyberattack
In the medical field, they say an ounce of prevention is worth a pound of cure, and that’s also the case for cybersecurity. In that vein, if you own a business or you are in charge of a corporation’s website, what are you doing right now to protect against future online attacks? Recently, the White House warned Russia is exploring attacks on critical US infrastructure, including businesses.

Be Prepared for the Worst

Deploying a security suite after an attack is a front-line effort to mitigate some of the damage from bad actors targeting web-based businesses. However, when it comes to online security, reactive solutions may not be enough. As PCMag’s Neil McAllister recently noted in an article about preparing for cyberattacks in light of the Russian invasion of Ukraine, business owners also need to have a proactive plan in place to keep their operations online and prevent data loss.

Josh Koenig is the chief strategy officer for Pantheon, a web operations platform for Drupal and WordPress websites. I interviewed him recently about how businesses that maintain a website presence can better prepare to deal with the inevitability of a cyberattack.

Kim Key: What are the cybersecurity threats companies are facing?

Josh Koenig: Increasingly, people need to worry about phishing scams and ransomware. A smart attacker will say, “I could make your website homepage very embarrassing for you now, but if you pay me these bitcoins, I won’t have to do that.” 

People compromise websites and use it as a way to start compromising other websites by distributing more malware. I’ve even seen things where people will compromise a website and they’ll put in a JavaScript tag that would normally be used to load an ad for something. But it loads a highly inefficient yet still functional Bitcoin miner that starts running in every end user’s browser to try to get the attacker a fractional bitcoin.

KK: Are small businesses just as much of a target as larger ones? 

JK: The vast majority of compromises that occur are not directed. They’re automated. It’s not actually with the intent of getting any particular benefit out of the small business. They’re just using that as a way to attack other websites. They’re not going to go and ransom a pet shop, but they are going to try to put malware on everybody that visits the pet shop and then use that to get others. So in that sense, small business websites and personal websites, they’re under threat from all this automated activity just the same as the big sites are, and you see that the big sites sometimes fall prey to this stuff, too. 

KK: What forms of cybersecurity software should companies invest in? 

JK: Thinking about it from a website perspective, a modern, high-quality content distribution network that includes a bunch of the smart security stuff out of the box is a table stakes thing, but you’d be surprised like how many people just don’t have that. That’s the way to head off random denial of service attacks and random malware probes.

It’s really about building around single sign-on systems that have very strong two-factor authentication. So it’s no longer that there are passwords for your website.

KK: What can businesses do to prepare themselves for a cyberattack scenario?

JK: Part of security is having the agility to respond when something does happen and having more automation around how you manage the website. You want to think about installing antivirus and having device management.

If you do the right things and can orient your mindset around resiliency and responsiveness versus trying to be impervious or have zero risk, there is a happy world out there for you. You don’t need to be afraid. I think there’s a kind of confidence that comes from acknowledging that nothing is going to be a hundred percent, but we know what to do when something goes wrong.

Get this email from a friend? Get it delivered to your inbox weekly. Sign up for the SecurityWatch newsletter.


What Else Is Happening in the Security World This Week?

Tired of Your VPN? Here’s How to Switch. Quitting your old VPN and starting up with a new one is simple. We show you how to make the change and give you tips on what to check if your new VPN isn’t working.

Hackers Post Images Showing Possible Microsoft Breach. The same cybercriminal group that recently breached Nvidia briefly shared a screenshot that suggests the hackers also gained access to Bing’s source code.

Latest Data-Wiping Malware to Hit Ukraine Can Also Erase Attached Drives. ESET detects CaddyWiper malware “on a few dozen systems in a limited number of organizations.”

Should You Buy Kaspersky Security Products? Founded in Russia by a Russian national, with a headquarters division in Moscow—that doesn’t mean Kaspersky is in Putin’s pocket. Deeper context can help you decide whether to trust the company.

UK: NortonLifeLock-Avast Merger Could Be Bad for Antivirus Competition. The UK’s CMA notes that NortonLifeLock and Avast currently rank as two of the three largest independent providers of security software in the country.

 
 
TECH DEAL OF THE DAY
 
If you buy something from our links, we may get a commission from the sale. Learn more here.
 
GoDaddy Web Hosting with Free Domain – starting $2.99/mo
 
 
GET DEAL
 
TODAY’S TOP NEWS
 
Watch Out for Money App Scammers
Banking apps attract fraudsters hoping to bilk customers out of their cash. This month, The New York Times published a story concerning scammers using the popular Zelle app. This week, banking services such as Capital One sent out emails warning customers about people impersonating bank employees who demand payments over the phone, text, or email.

The United States Federal Trade Commission’s website warns of signs you are being targeted by a banking app scammer:

  1. You may receive an email, phone call, or text claiming any one of the following scenarios:
  • You won a prize or sweepstakes and need to pay some fees to collect it
  • A loved one is in trouble and they need you to send money
  • You owe taxes to the IRS; they’re from tech support and need money to fix a problem with your computer
  • They’re someone who is romantically interested in you and need some money
  1. Scammers will then tell you to send them money through a mobile payment app. Do not click on any links contained in an unexpected email or text message. Log in to the payment app to see if you have any requests for money. If you don’t, the email or text is probably a phishing scam.

On Zelle’s website, the company lays out the difference between being the victim of fraud versus a scam. When it comes to money transfers on cash apps such as Zelle, if someone accessed your account without your authorization and stole your money, you can report the incident to your financial institution, and they may be able to reverse the charges. If you authorized the payment, which often happens in scams where a victim pays for a good or service they do not receive, the financial institution may not give you your money back.

I encourage you to remain vigilant online. Do not accept money transfer requests from people or institutions you do not know. Don’t give out personal information to anyone you don’t know online. You can’t always trust caller ID for text messages, as phone numbers can be spoofed and appear to be from someone you know. Verify the identity of the person asking for money with voice calls or by meeting in person.

Stay safe,
Kim Key
PCMag Security Analyst


We Test VPNs for Video Streaming

What to Do When You’ve Been Hacked

PCMag Picks the Best Free Password Managers

15 Essential Apps for Ironclad Online Privacy

Do I Need a VPN at Home?

 
TOP TECH DEALS
Want more deals like these delivered to your inbox?
GET OUR BEST DEALS TODAY
 
Quickship Dell Inspiron 15 (5510) Intel Core i7-11390H 15.6″ 1080p Windows 11 Laptop w/ code: 50OFF699
 
$968.99 $699.99  
GET DEAL

 
Back in stock Nintendo Switch OLED Gaming Console w/ White Joy-Con
 
 $349.00  
GET DEAL

 
NVIDIA RTX 3070 Alienware Aurora R10 AMD Ryzen 7 5800 Gaming Destkop w/ 512GB SSD, 16GB RAM
 
$2,139.99 $1,469.99  
GET DEAL

 
New Apple AirPods Pro w/ MagSafe Charging Case
 
$249.00 $189.99  
GET DEAL

 
24.5″ Dell S2522HG 1080p IPS 240Hz 1ms Gaming Monitor (Dark Metallic Grey)
 
$309.99 $209.99  
GET DEAL

All product and deal information such as discount, price and availability are believed to be accurate as of the time of publication. Please verify these details with the merchant site and check the merchant’s terms and conditions before you buy. Publisher is not responsible for errors or omissions.
SHARE & FOLLOW US
      

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts. Thanks for joining us today.

Russ Roberts

https://cyber-security-intelligence.org

https://paper.li/RussellRoberts (machine learning, artificial intelligence, IoT, information security)