A new technological threat has been increasing in popularity and strength in recent years - botnets. These are not the kind of botnets that productively crawl search engines to provide you with the best search results, these botnets are malicious and have the potential to hijack your computer.

Here's what you need to know about botnets:

WHAT ARE THEY?

Botnets are controlled by an administrator, meant to either crawl the internet or directly hack into your computer. These botnets are highly illegal, and are typically used for the purpose of making money or stealing data. Once a botnet hacks into your device, it runs in the background of your computer as your device gets added to a network of other computers that have been attacked. Your computer then waits on commands from the botnet administrator. Some of these commands include emailing spam to a significant number of users, shutting down websites, generating fake website traffic for financial gain, or generating "pop-ups" that entice users to pay a fee to get a botnet off of their computer. Botnets are not decreasing in popularity, as Fortinet found 268 unique botnets through their data so far in 2018, which is a 3% increase from their last study.

Related: Be Prepared to Fight Cybercrime with User Training 

WHAT ARE THE RISKS?

The initial risk of your computer being hijacked by a botnet is that it can run in the background and remain undetected for a significant amount of time. During this time, other risks include the loss of money, access to your data, stolen passwords, and potentially complete control of your device. According to the 2018 Fortinet study, 58% of botnet infections last one day. That may not seem like a long period of time, but 24 hours is all it takes for your organizational data to be compromised.

HOW WILL YOU KNOW IF YOU'VE BEEN INFECTED?

Botnets are usually very hard to detect - occasionally an antivirus software may pick up on botnet activity, but they are typically designed to fly under the radar. If your computer has been infected with a botnet and added to a large network, your device may start to consistently run slowly. If you are worried about whether or not your device has been infected, or if a website you want to view has malicious content, visit this Fortinet Web Filter Lookup as a resource.

Related: Cylance - Proactive Protection for Your Business

PROTECTING YOUR BUSINESS

There are several precautions you can take to avoid getting infected by a botnet. First of all, be sure that your computer operating systems are updated as soon as new updates are available. Botnets are often installed within the flaws of your operating system, so staying on top of updates could protect your system later on. Ensure you have implemented security software that can provide proactive protection for your business. It's also important to be weary of clicking on suspicious website links or attachments, especially from emails that don't seem right.

For the tell-tale signs of what NOT to click on, click here. 

Malicious botnets are consistently searching for easy targets. Make sure you keep your devices updated, educate your team on what suspicious links and attachments look like, and pay attention to whether or not your device begins to run slowly. Consult your IT team if you feel uneasy about your computer being compromised. It's always better to be safe than sorry and to becoming an easy target for botnets.

First, take a moment to test how secure one of your top-of-mind passwords really is by clicking this link:

https://lastpass.com/howsecure.php

Did the test tell you that you needed a stronger password? Did it tell you that your password is strong enough? Do you use that same strong password for everything?

When users have to make up a password, two strategies are typically used:

1. They use a password that is simple and easy to remember.
2. They use one strong password for every single account. 

These strategies are good in theory, but bad when it comes to security purposes, which is why password managers are highly recommended to break the cycle of bad password practices.

It's something everyone does several times a day - typing in a password. And for 92% of people surveyed by SecureAuth Corp. and Wakefield Research, the SAME passwords are being typed in for all of their accounts. While this may seem like the easiest solution to consistent password annoyances, this type of online behavior leads to the 91% of Americans who have experienced an online breach at some point in their life. See the correlation?

According to LastPass, passwords are the key to our digital lives, and users often forget the importance of passwords because of the "inconvenience" they may cause when trying to do things online. The importance of the information that is kept online is worth going the extra mile to protect, which is why we recommend the use of password managers to ensure your organization and its' employees are maintaining secure online habits.

WHY PASSWORD MANAGERS

Having one strong password simply isn't good enough anymore with the current technological landscape.

Over time, users have gradually become connected to more and more accounts that require passwords, which generated the habit of users wanting to use one password for everything to avoid getting locked out of accounts. While it may be habitual to input the same password for everything, the increased amount of data breaches that are seen in the media have made it apparent that it's best to have a unique password for every account that requires one, to ensure overall account security.

That's where password managers such as LastPass or 1Password come into play. These applications assist users in organizing and safely storing all of their different passwords. Gone are the days of putting pen to paper and storing sticky notes around your desk with all of your passwords on it, now all passwords can be easily accessed and found in one application. When logging into an account, all you have to do is retrieve your password for that account if it's not memorized from your password manager. An extra 15-30 second step that can save you time and money in the long run. Not to mention, your accounts are way more secured as a result. 

WEAK PASSWORD TESTS

Ensuring your employees are maintaining a high standard of strong passwords is also necessary in keeping your organization protected. Five Nines conducts tests internally to monitor all user passwords for any potential vulnerabilities. These tests are similar to the one you took above, but on an organizational scale. Conducting these tests not only provides peace of mind that employee passwords are secure, it also holds employees accountable in keeping password safety top of mind. These tests are conducted along with the use of password managers for an extra boost of security.

Maintaining high security of your IT environment requires time, money, and extra effort. Compromising internal files and data due to poor password practices simply isn't worth it. Take the time to set up a password manager account, encourage fellow employees to do the same, and take the extra few seconds to  avoid a security breach.

It's worth it, we promise.

It's always best to be prepared for the worst to keep your organization at its' best. Click below for a free Ransomware Rescue Guide to have on hand that will guide your team through the initial steps of a potential ransomware attack if you ever experience one.

In the tech industry today, even the most reliable tools can be used against you. Five Nines has recently discovered phishing attempts that are in the form of an Office 365 verification email. Wouldn’t you be enticed to click on the links in this email?

Unfortunately, just because it is Office 365, and just because many Office 365 tools are hosted online, does not mean it is any safer. When it comes to cybercrime, you must have a healthy paranoia about everything. Anything is open game.

WHAT TO LOOK FOR

A lot of these phishing attempts happen through email, mobile messages, or unprotected webpages. Here are a few quick tips we recommend:

• Double check the sender’s email address, is it from a suspicious domain? Are there any tiny grammatical errors? (EX. micorsoft-support.com)
• Why is the sender asking you to click on a link? Is it to avoid negative consequence or to gain something of value? Think twice about whether it’s a link you should be clicking on.
• Did you receive the email at an unusual time that is not during business hours?
• Are there misspellings in hyperlinks?
• Does the attachment in the email relate to the content of the message?

We have put together a complete flier full of even more red flags to look for when it comes to phishing attempts. Download the flier, read it over, and share it with your team. P.S. it’s free.

Keep in mind, phishing attempts may be in the form of reputable organizations and programs, such as Microsoft and their Office 365 software. For consistent FBI updates on current cybercrime schemes, click here. 

WHAT TO DO ABOUT IT

There are a couple of important components that must be put into place to keep your organization protected from clever cybercrime tactics. First, the antivirus you use is very crucial in protecting your business. Five Nines utilizes Cylance, if you don’t know a lot about this antivirus Five Nines just hosted a Cylance webinar, download it here.

Viruses strike, hardware fails, users click on things they shouldn’t, natural disasters and theft, the list goes on. When disaster strikes, how much are you willing to lose? Learn more about today's threat landscape, how to protect your business, and how to plan for when your defenses fail.

Miss the NE Tech Summit? Download our free presentation to learn more about how you can implement an IT Business Continuity Plan for your organization. 

Presenters: 

Jeff Newton - Senior Account Executive at Five Nines

Adam Palmer - Senior Systems Engineer at Five Nines

Sit back and learn about the NE Tech Summit Session about Planning For The Worst.