It’s a shame that such documents have to be constantly produced, but the fact of the matter is simple: malware is on the rise. If the recent WannaCrypt attack is any indication, the continued wave of malicious software is not about to fade into the distance. And so, everyone with a keyboard and a mouthpiece sets about to diligently inform the public how they can avoid such attacks.
Unfortunately, there is one reality that we cannot escape: so long as your device is connected to a network, your data is vulnerable. The key is using that device in an intelligent manner, so as to best avoid the pitfalls that could land your data in an encrypted jail. Therein lies the challenge, one that any IT pro will tell you is nigh impossible to overcome. Consider this, if you will: recently the “Judy” malware struck the Android platform. What is “Judy”, you ask? Over 40 apps (developed by Korean company Kiniwini and installed directly from the Google Play Store) were found to contain auto-clicking adware. These malicious apps purportedly reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of these apps had been on Google Play for years, but were only recently updated.
The apps were “cutesy” games, like Chef Judy: Picnic Lunch Maker and Fashion Judy: Pretty Rapper Style. Games that should seem innocent enough. But in today’s mobile landscape, innocent enough, isn’t, well, enough.
And that’s why I’m here to help you avoid malware with a few tips. Let’s see what we can do about working malware-free on your primary devices.
On your mobile device
My mantra, for a very long time, has been never install any app outside of your platform’s official app store. I lived and died by that edict and did everything I could to ensure others understood why that was important. With the likes of “Judy”, even that advice is no longer as sound as it once was. To that end, I’m going to make an amendment to that advice. If we’re talking about a device you use for both business and personal use, do not install any software that isn’t considered essential. Period. Keep the installed apps to the barest minimum. If you don’t need it for work, or if it’s not an app supplied by an official source (such as Facebook, Twitter, etc.), do not install it.
If you have a strong desire to install those cutesy apps, do so on a device that isn’t used for business purposes. I know that sounds a bit like overkill, but when you next upgrade your device, save the old one to use for games and other distractions. That way, when malware inevitably strikes, it won’t compromise your crucial data and you simply need to reset the device to factory default and start anew.
Next on the list is to update, update, update. Google, Apple, and OEMs don’t just update Android and iOS to give their platforms more features and a prettier face; many times those updates include vulnerability patches. If you don’t believe me, make sure to regularly check out the Android Security Bulletin or the Apple Security Updates page. Regularly check for updates on both the platform and the installed apps. When you see available updates, apply them immediately.
On your desktop/laptop
The same holds true on the ol’ reliable desktop and laptop: don’t install untrusted software. Fortunately, all of the platforms now have their own app stores. Linux has GNOME Software, Synaptic, and a number of other similar tools; Apple has their App Store, and Windows 10 has Apps. If you’re working on Windows, you should only install from that official repository. Period. If you’re using the iOS platform, I would recommend installing from the App Store, but other trusted locations (such as official downloads from reputable companies) are fine. If you’re using Linux, your best bet is to install from your distribution’s package manager, but you’re less likely to run into malware (at least, currently) on the flagship open source platform.
Updates are just as important on the desktop/laptop operating systems. Yes, you will have to suffer the incredibly long waits while updating the Windows platform; but that wait is a necessity. You do not want to be working with a vulnerable platform, so check for and apply any/all available updates. I would offer this same advice to every standard platform, be it OS X, Linux, or Windows. Check for updates daily.
If you work with the Windows platform, you should certainly be making use of antivirus or antimalware solutions (such as Windows Defender, Avast, or AVG); without such protection, your data stands at risk.
On all platforms
One of the first things I tell people is to not click on links or files from unknown sources. Malicious software can be forced upon a platform by way of a single, malformed URL. If you receive an email that was forwarded, or from an unknown source, do not click that URL until you have at least checked it against the Malware Domain List. MDL is an extensive list of all domains that have been known to host or spread malicious software.
Another bit of advice I tell users mostly only applies to the desktop/laptop platforms, but it can also work on the mobile devices. When you receive an email informing you that something bad has happened with one of your accounts and that you should “click the link below and log back into your account to resolve the issue,” the first thing you need to do is hover your mouse over that link and see where it actually points to. Chances are, that’s a phishing scam. If you can’t hover your mouse and see what domain lurks under that link, copy the link and then paste it into a note-taking app. When you see that the link isn’t what you expected, delete the email (or, better yet, report the email to US-CERT and then delete it).
If you’re looking to really help yourself out, follow these added quick tips:
- Never allow your browser to save your passwords or other information
- Work with a browser in Incognito mode
- Whenever possible, use Tor Browser
- If you cannot use Tor Browser, and you want to get as much security as possible, take a look at a browser like Epic (or Duck Duck Go on the Android platform)
- Back up your data
- If working on an insecure network, make use of a VPN
- Use two-factor authentication on every service/software that offers it
- Think before you click
Relying solely on your operating system or device manufacturer for security is unwise. Every user needs to take the security of their devices and data into their own hands; work intelligently and use wisely. With a bit of caution, your data will be considerably safer from the effects of malicious software.