Every day I hear of another data leak, hack or stolen credit card information. Small businesses are currently big business for cyber criminals, since small businesses typically don’t have the resources to protect or detect a data intrusion. Each week when I visit a new business to perform a network assessment, I find no secure firewall, sometimes there is just a basic cable router and sometimes a Linksys router.
Most of the routers and wireless routers a not very secure. Half of them have the default password still on them and they really don’t protect your data from intrusion like a firewall. The other half of them have wide open wireless and no password making it child’s play to access your sensitive data.
We chose Dell Sonicwalls for our Small Business firewall solution because they are reasonably priced, easy to set-up and maintain and have great protection. The main difference between a router and a Sonicwall Firewall is the applications that it runs. The Sonicwall actually reads all the data coming into your small business (from any device or person accessing your network) and runs a comparison against a constantly changing catalog of hacking exploits. These definitions or signatures are updated from Dell Security hourly.
The latest version of CryptoWall virus (a virus that hijacks your files and encrypts them) came out on November 6th, 2015. Sonicwall came out very quickly with a definition (security set-up) that prevents the exploit from encrypting your files. The key thing here is your Sonicwall must have an active Security Suite Subscription to get these new signatures. Since new exploits and hacking attempts come out daily, it is important to keep your Sonicwall up-to-date with the security subscriptions annually. The Security Subscriptions which we call Sonicwall Renewals also include an extension of the hardware warranty.
According to Sonicwall’s Security Center Bulletin, CryptoWall is typically delivered through an email (typically a spam email) that is made to look legitimate. The email will include a little information that looks like a service or vendor you use. This too has a new name, it is called “Spear Phishing” because it targets you with a little bit of personal information to get you to click the link.
Examples include: PayPal, FedEx, UPS, Facebook, Universities, Banks, Credit Union, LinkedIn and many more. Below is an example of a fake email from the American Institute of CPAs:
The other way people are being infected are drive-by websites. Drive-by websites are websites that are designed to immediately download malware when you land on them by accident. If your misspell craiglist.com or youtube.com you can innocently land on a malware site that tries to get you to download a virus remover tool that is actually the virus itself! The website beeps and tells you are infected and anything you click on is BAD. If you happen to land there by accident, I recommend you shut off your PC immediately by holding in the power switch for 10 seconds. This is a hard shutdown but honestly the alternative is much worse. Here is another article I wrote about this threat: http://www.microdoctor.com/2014/06/why-your-antivirus-is-obsolete/
If you’re small business is not completely protected, I would recommend adding a Sonicwall Firewall as a first step, then have a security expert firm like Micro Doctor perform a free network assessment. Even if you have a current IT person or firm, having a second opinion about what you need to protect your business and livelihood is just good practice. On our website you can request a network assessment at http://www.microdoctor.com/services-solutions/security-assessment/. Take advantage of this FREE service before your company becomes a target of a security breach.
Written by Mark Richmond, MCSE, Sonicwall CSSA, HIPAA Security Expert with 26 years in business. Drop me a line at firstname.lastname@example.org or hook up on Linkedin at https://www.linkedin.com/in/microdoctor.