Malware News to Know

By George Moore, NKY Health Director of Administration & Accounting

As most of you know, the agency was recently hit with a particularly bad malware. Malware is software that is intentionally designed to cause damage to a computer, server or computer network. It typically starts when an end-user clicks on an infected or corrupt file or link. The malware is then integrated into a target’s computer (often appearing on the computer and network as either an executable code, scripts, active content and/or other software) where it does the damage.

Our Information Technology unit has taken steps to:

  1. Remediate the problem on any infected computers.
  2. Install and adjust server software and systems to reduce future infection risk.
  3. Purchase and install very high-end malware/anti-virus products on our computers and servers.

Additionally, I want to educate staff on steps they can take to reduce the risk of actual infection and loss.  Below are some tips from an article by Gary Davis, writing for a McAfee Newsletter dated July 7, 2017.

  1. Create Complex Passwords (and Change Them Often): We know you’ve heard it before, but creating strong, unique passwords for all your critical accounts really is the best way to keep your personal and financial information safe. This is especially true in the era of widespread corporate hacks, where one database breach can reveal tens of thousands of user passwords. If you reuse your passwords, a hacker can take the leaked data from one attack and use it to login to your other accounts. Our best advice — use a password manager to help you store and create strong passwords for all of your accounts. Then, check to see if your online accounts offer multifactor authenticationThis is when multiple pieces of information are required to verify your identity. So, to log into an account you may need to enter a code that is sent to your phone, as well as your password and passphrase.
  2. Click Smart: Now that you’ve put smart tech measures into place, make sure that you don’t invite danger with careless clicking. Many of today’s online threats are based on phishing or social engineering. This is when you are tricked into revealing personal or sensitive information for fraudulent purposes. Spam emails, phony “free” offers, click bait, online quizzes and more all use these tactics to entice you to click on dangerous links or give up your personal information. Always be wary of offers that sound too good to be true, or ask for too much information.
  3. Be a Selective Sharer: These days, there are a lot of opportunities to share our personal information online.  Just be cautious about what you share, particularly when it comes to your identity information.  This can potentially be used to impersonate you, or guess your passwords and logins.
  4. Protect Your Mobile Life: Our mobile devices can be just as vulnerable to online threats as our laptops.  In fact, mobile devices face new risks, such as risky apps and dangerous links sent by text message.  Be careful where you click — don’t respond to messages from strangers; and only download apps from official app stores after first reading other users’ reviews. Make sure your security software is enabled on your mobile, just as you would on your computers and other devices.
  5. Practice Safe Surfing and Shopping: When you shop online or visit websites for online banking or other sensitive transactions, always make sure that the site’s address starts with “https” (instead of just “http”) and has a padlock icon in the URL field. This indicates that the website is secure and uses encryption to scramble your data so it can’t be intercepted by others. Also, be on the lookout for websites that have misspellings or bad grammar in their addresses. They could be copycats of legitimate websites. Use a safe search tool to steer clear of risky sites.
  6. Keep Up-to-Date: Keep all your software updated so you have the latest security patches. Turn on automatic updates so you don’t have to think about it, and make sure that your security software is set to run regular scans.
  7. Look Out for the Latest Scams: Online threats are evolving all the time, so make sure you know what to look out for. Currently, ransomware” is on the rise. This is when a hacker threatens to lock you out of all of your files unless you agree to pay a ransom. Stay on top of this and other threats by staying informed.
  8. Keep Your Guard Up: Always be cautious about what you do online, which sites you visit, and what you share. Use comprehensive security software, and make sure to back up your data on a regular basis in case something goes wrong (we back up the servers nightly). By taking preventative measures, you can save yourself from headaches later on.

Computer viruses and malware are unfortunately a part of the world we now live and work in.  The creators of these viral computer codes are always trying to stay ahead of the anti-virus software and measures we take to secure our network. Although there is never a 100% guarantee, these steps should help reduce the risk of the bad guys having success.