You probably already know about CryptoLocker – the malware that encrypts everything on your local hard disk and then demands you pay from $500 – $1,000 or you’ll never see it again. Well, now there’s a new threat, and it comes into your organization in a way that greatly increases the chance of it successfully attacking your business.
The bad guys now search through Craigslist looking for companies advertising for help. They then send in an email response with an attached ‘resume’. The person in HR opens the attachment and boom, they’ve just infected the network with CryptoLocker.
What makes this doubly concerning is that typically the person in HR – or maybe even the business owner if it’s a small company – is the one looking at these resumes, and they have a high level of access to files and data. This means that the potential damage can be much worse than for a lower-level employee.
What can you do to protect your network? Employ some security ‘best practices’ such as removing certain attachments from email messages, restricting users’ ability to install software, maintaining robust web and email filtering, implementing and testing comprehensive backups and restores, and encrypting your sensitive data. But most important is to educate and train your users. As our friends at Cyberheist News are fond of saying, “Your weakest point in any security model is the person who touches the keyboard.”
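As an illustration of "removing certain attachments from email messages", here is an added sketch (not from the original post) of a filter a mail gateway could apply to incoming resume replies. The extension blocklist, the file names and the sample message are assumptions; the post does not say what file type the fake resume uses.

```python
import io
import os
import zipfile
from email.message import EmailMessage

# Assumed policy: extensions that run code when double-clicked on Windows.
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar", ".lnk"}

def is_blocked_name(name):
    """Judge by the final extension, so 'resume.pdf.exe' counts as .exe."""
    return os.path.splitext(name.strip().lower().rstrip(". "))[1] in BLOCKED_EXT

def is_risky(filename, payload):
    if is_blocked_name(filename):
        return True
    buf = io.BytesIO(payload)
    if zipfile.is_zipfile(buf):  # look one level inside archives
        try:
            with zipfile.ZipFile(buf) as zf:
                return any(is_blocked_name(n) for n in zf.namelist())
        except zipfile.BadZipFile:
            return True  # unreadable archive: treat as risky
    return False

def strip_risky_attachments(msg):
    """Remove risky attachments in place; return the filenames removed."""
    removed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or ""
        if is_risky(name, part.get_payload(decode=True) or b""):
            msg.get_payload().remove(part)
            removed.append(name)
    return removed

def build_sample():
    """Constructed message with placeholder bytes, for demonstration only."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("resume.scr", b"placeholder")
    msg = EmailMessage()
    msg.set_content("Please see my resume attached.")
    for name, data in [("resume.pdf", b"%PDF-1.4 placeholder"),
                       ("resume.pdf.exe", b"MZ placeholder"),
                       ("resume.zip", zbuf.getvalue())]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    sample = build_sample()
    print("removed:", strip_risky_attachments(sample))
```

A name-based filter like this does not inspect document contents, so it complements rather than replaces the web and email filtering and user training listed above.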