As we ring in the new year, 2022 is shaping up to be the year of the scam.
Well actually, 2021 was the year of the scam. As was 2020, 2019 … there’s a pattern here.
What can folks do to help avoid falling victim to the bad actors of the web?
There are four pillars that both individuals and organizations can employ to mitigate the risk of malware and its increasingly more common variant, ransomware. These are endpoint protection, offsite backup, password management and multifactor authentication. We’ll touch on each briefly here.
Endpoint protection is a techno-geeky way of saying “protect your computer from malware,” whether that computer is a Windows PC, Mac, or other type of machine. Many ransomware attacks begin from a compromised endpoint.
Windows has a decent app built in, Windows Defender. If you are running Windows and haven’t paid for a third-party anti- malware program, make sure Defender is running. It’s amazing the number of PCs we come across that have Defender disabled and no other product in sight.
While it might not quite stack up with its commercial competitors, Defender is free and, frankly, good enough. After all, as the old legend goes, you don’t have to swim faster than the shark, you just have to swim faster than the other folks in the water. If you are running Defender, you are swimming much faster than the other folks who don’t have anything to protect them. The bad guys will go after them before they come after you.
For Macs, a built-in app called XProtect provides excellent protection against malware. Combined with the closed nature of the Mac environment as well as its lesser market share make Mac endpoints less of a target for the bad guys.
Chromebooks do not need endpoint protection because technically, nothing runs on the actual computer itself, everything runs in the cloud. As such, Chromebooks are a safe option from an endpoint protection, but despite record-breaking sales in the past year, Chromebooks still have an almost insignificant share of the desktop computing market share, by many accounts close to 2%.
Of course, from time to time, attacks can sneak in past endpoint protection. For this reason, folks should ensure they have their data backed up. Ideally, backups are done off-site, typically to the cloud. But if all your data is in the cloud, you should consider backing it up to another cloud location, or to a physical location, which could be your own office or home.
Both Windows PCs and Macs have built in backup programs, although backing up to the cloud can be a bit tricky. There are dozens of backup programs available for both platforms, so we won’t go into that here.
But not every attack originates from the endpoint. Phishing attacks, for example, are designed to get you to give up sensitive information. A popular phishing method sends the target a fake link prompting for a login. Once the mark gives up the username and password, the bad guys run these credentials through countless other websites looking for a hit. So if you use the same password over and over, you are sunk.
Let’s face it, folks reuse their passwords because nowadays you have so many different logins it’s hard to keep track. Password management apps such as LastPass, DashLane or KeePass all have multiplatform, multibrowser compatibility, and all have trial versions. Be careful, experience shows that once you use a password management app, you’ll never go back.
Finally, multifactor authentication is a must. In its simplest form, MFA texts you a secondary code when you log in to a website or organizational system. More advanced forms use the organization’s app, or authentication apps such as Authy or Google’s Authenticator or Microsoft’s Authenticator (oddly they have the same name but are completely different products). If your provider offers you MFA, turn it on. If your provider doesn’t offer MFA, ask them why. If your organization has an app that doesn’t have MFA, ask them why.
John Agsalud is an IT expert with more than 25 years of Information Technology experience in Hawaii and around the world. He can be reached at jagsalud@live.com.