Ransomware is real and a threat.

Cyber Attack: Ransomware Could Ruin Your Business & Life

 

Ransomware is real and a threat.

Ransomware can affect you.

Back in 2017 when what first looked like a cyber attack on hospitals located in the UK, it was malicious "ransomware software" which spread world-wide. Even Russia and the United States have been hit hard. Experts are referring to this as cyber-crime, and some are going as far as cyber-terrorism.

How ransomware works is rather simple. It will arrive in an email that seems harmless enough containing either a link or an attachment. If you click the link or open the attachment, the malicious software is downloaded onto your computer, locking all of your files and then it spreads to your network, locking other computers. Then, a message pops up on your screen that if you want your data unlocked, you will need to pay a ransom. The currency requested is usually in BitCoin.

How can you protect yourself?

Here's some clear advice to help protect against ransomware and cyberattacks:

  1. Keep software updated: Always install the latest security patches for your operating system and applications.
  2. Use strong, unique passwords: Create complex passwords for each account and consider using a password manager.
  3. Enable two-factor authentication (2FA) wherever possible.
  4. Be cautious with email attachments and links: Don't open attachments or click links from unknown or suspicious sources. If it is from someone you know, but the message seems a little "off" it would be advised to contact the sender to confirm it was them who sent the message.
  5. Back up your data regularly: Store backups offline or on a separate network.
  6. Use reputable antivirus software and keep it updated.
  7. Be wary of unsolicited phone calls or pop-up messages claiming your device is infected.
  8. Avoid using public Wi-Fi for sensitive transactions. If necessary, use a VPN.
  9. Limit access to sensitive data: Only give permissions to those who absolutely need it.
  10. Educate yourself and others about common phishing tactics and social engineering tricks.
  11. Use network segmentation if possible, especially for businesses.
  12. Disable macros in Microsoft Office documents.
  13. Be cautious when using Remote Desktop Protocol (RDP) - secure it properly if needed.

If you are running a POS system for your small business, the following should be checked too:

  1. EMV non-compliance: Some POS systems may not be compliant with EMV (Europay, Mastercard, and Visa) chip card standards, leaving them vulnerable to certain types of card fraud.
  2. Skimming devices: Physical skimming devices can be attached to card readers, capturing card data before it reaches the POS system.
  3. API vulnerabilities: Insecure APIs used for integration with other systems can be exploited to gain unauthorized access.
  4. Bluetooth vulnerabilities: POS systems using Bluetooth for connectivity may be susceptible to Bluetooth-specific attacks like BlueBorne.
  5. Supply chain attacks: Compromised hardware or software in the POS supply chain can introduce vulnerabilities before the system is even deployed.
  6. Unvalidated input: Lack of proper input validation in POS software can lead to SQL injection or other code injection attacks.
  7. Weak session management: Poor session handling can allow attackers to hijack legitimate user sessions.
  8. Inadequate key management: Improper storage or handling of encryption keys can compromise the entire system's security.
  9. Vulnerable touchscreen interfaces: Some touchscreen POS systems may be susceptible to specific touch-based attacks or exploits.
  10. Lack of point-to-point encryption (P2PE): Without P2PE, card data can be vulnerable as it travels through the merchant's system.
  11. Insufficient data tokenization: Failure to properly tokenize sensitive data can increase the risk of data breaches.
  12. Vulnerable self-service kiosks: Self-service POS kiosks may have unique vulnerabilities related to their public accessibility.

These vulnerabilities highlight the importance of comprehensive security measures for POS systems, including regular security audits and penetration testing.

Always be cautious as your data could be compromised if you are not.