Two notable cyberattacks have made the news this month: first the Google Docs phishing attack and, more recently, the WannaCry ransomware attack. Phishing emails are often crafted to pose as a business or person the receiver trusts, such as their bank or a business colleague. When the unsuspecting victim clicks on the fraudulent links contained within the phishing emails, the cybercriminals are able to steal the victim’s credentials to access their email and private accounts, including bank accounts. Phishing emails are also the primary method for ransomware attacks. When the bad link is clicked, the ransomware locks down the victim’s computer, preventing access to their data until ransom money is paid. Even after the ransom is paid, there is no guarantee that the ransomware is fully removed from the computer.
Ransomware is a multi-million-dollar crime operation and, as a result, these attacks are quickly on the rise. IBM recently surveyed 1,000 business professionals and found that 60% would be willing to pay the ransom to get their data safely back.1 The recent global WannaCry ransomware attack infected more than 200,000 computers in more than 150 countries, affecting, among other organizations, Britain’s National Health Service.
The WannaCry malware exploited a vulnerability in Windows operating systems. Anyone with a supported operating system, including the current Windows 10 version, was protected through a patch sent out in March, whereas anyone not current on their Windows updates or using older, unsupported operating systems such as Windows XP was particularly vulnerable.
As cybercrime continues to rise and attacks become more sophisticated, it is increasingly important to take a proactive approach in protecting your dealership’s data.
Begin by learning about and educating your staff about phishing attacks. And stay current in your knowledge. Attackers are continually refining their methods for conning their victims. There are numerous articles online that provide examples of what to look out for. Be especially wary of:
- Emails containing attachments from someone you don’t know. Never open these attachments.
- Misspellings and poor grammar.
- Emails containing links from someone you don’t know. Hover over the embedded links. Compare the link address displayed with the one visible in the email. If they don’t match or seem suspicious, don’t click on them.
- Emails offering something too good to be true or offering something that expires if you don’t act quickly.
If the email appears to be from someone you know and seems suspicious, play it safe. Message the sender separately to confirm the legitimacy of the email. And always be alert. Cybercriminals are becoming more sophisticated. The recent phishing attack exploiting Google Docs is one such example. Email recipients received an invitation to edit a Google Doc from someone they knew. Upon clicking the link, they were taken to a Google login and permissions page. So add this to your best practices: be suspicious of links to documents you weren’t expecting to receive. If you’re unsure, message the sender separately to confirm the legitimacy of the invitation. Also question the number of permissions being requested. In this scam, users were asked to grant permission to read, send, delete and manage their email as well as manage their contacts.
If you don’t back up to the cloud, your local storage device or server should be offline, not connected to your desktops where attackers can reach it. Back up your data daily. In the event of a ransomware attack, it may be the only way to recover your data. Depending on your DMS provider, these backups may be performed for you automatically. The data of DX1 DMS customers is backed up nightly in the cloud to multiple datacenters across the country, providing redundancy and optimal performance.
Make sure your operating system and other software are kept up to date, including the latest security updates. You can enable automatic updates. You can also protect your computers with a reliable antivirus product that features real-time scans and automatic updates. If you have computers at your dealership still running on older, unsupported versions of Windows, such as XP, it’s time to update your operating systems to Windows 10.0.
Following these steps and paying attention to potential threats will help you protect your dealership’s valuable data.
1 TechCrunch