Cybersecurity Tips: Avoiding Phishing, Crypto-Mining & Ransomware

With employees working from home due to the COVID-19 pandemic, how can SMBs better protect against cybercriminals?

Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky shared security tips during a webinar on “The Cyberthreat Landscape for SMBs in Singapore”.

Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky shared security tips during a webinar on “The Cyberthreat Landscape for SMBs in Singapore”.

Kaspersky experts suggest the following tips for SMBs to avoid being lured by cybercriminals through phishing, crypto-mining and ransomware.

  • Teach employees about the basics of cybersecurity. For example, not opening or storing files from unknown emails or websites as they could be harmful to the whole company, or to not use any personal details in their passwords. In order to ensure passwords are strong, staff shouldn’t use their name, birthday, street address and other personal information.
  • Regularly remind staff of how to deal with sensitive data, for example, to only store it in trusted cloud services that need to be authenticated for access and that it should not be shared with untrusted third parties.
  • Enforce the use of legitimate software, downloaded from official sources.
  • Make backups of essential data and regularly update IT equipment and applications to avoid unpatched vulnerabilities that could cause a breach.
  • Configure Wi-Fi encryption. It is imperative to configure your network connection correctly and set your router’s log-in and password regularly.
  • Use a VPN if connecting to Wi-Fi networks that don’t belong to you. When you’re connected through a VPN, all of your data will be encrypted regardless of the network settings, and outsiders will not be able to read it.
  • Keep track of your server load. If the daily load changes suddenly, that may be a symptom of a malicious miner. Carrying out regular security audits of your corporate network may also be helpful.
  • Monitor web traffic – frequent queries to domains of popular cryptomining pools are a clear sign that someone is mining at your expense. Ideally, add these domains to your domain block lists for all computers in your network — lists of such domains can be found online. New domains are constantly appearing, so be sure to update the list systematically.
  • Use corporate services for e-mail, messaging, and all other work. Stick to corporate resources when exchanging documents and other information. Those cloud drives, but configured for business, are generally far more reliable than the free user versions.
  • Protect devices with an antivirus solution. It is vital that you install a reliable security solution on all devices that handle corporate data.

Tags: , , , , , , , , , ,

Leave a Reply