So you’ve finally got your users to quit welcoming malware onto your business’s network through clicking on random popups.. You’ve trained them to stop clicking on suspicious URLs from in emails. Is it safe to say your network is officially unassailable?
Sadly, no. Cybercriminals are a dogged bunch with endless tricks up their sleeves. They’re constantly coming up with new ways to exploit your users’ trust and naivety to infiltrate your business network, disrupting productivity, driving up expenses, and — in a worrying trend — taking your data hostage.
It’s not easy to keep up with the latest and most insidious attack vectors oozing out of the cyber-underworld — especially when you’re taking a do-it-yourself approach to data security. You’ve got enough hats to wear as it is.
Here are a few of sources of computer virus attacks you may not have thought of. While these may be less well known than those blocked by your free antivirus software, rest assured (or rest uneasily, I should say), they can wreak just as much havoc on your business’s data.
1. Viruses Lurking in Excel Spreadsheets and Word Documents
For many IT veterans, this is a vintage virus source enjoying an unexpected revival. Back in the late 1990s and early 2000s, viruses triggered by Excel or Word macros were so common, Microsoft disabled macros from running in both applications by default.
The latest wave of macro-based malware, however, tricks users into turning macros back on. How? A Trend Micro article from 2015 describes how one spammer used a fake American Airlines email to get users to open a phony receipt in Word.
“Email recipients who open the document will first see jumbled symbols. The document instructs users to enable the macros, and a security warning on the upper right hand corner leads users to enable the feature.”
TechTarget quotes one security expert who speculates that this kind of attack might be on the rise because extension-based blocking systems typically look out for .exe, .scr, and other executable files. Businesses typically don’t block .docx and .xlsm files for obvious reasons; these file types are the backbone of modern business productivity.
2. Mobile Devices Causing Mayhem
While malware attacks are rare (though not unheard of) on smartphones running Android and iOS, the devices themselves can serve as unwitting, asymptomatic carriers of computer viruses.
To a computer, a smartphone is just another USB drive. So when your users plug their personal smartphones into their work computers for charging, a virus can take advantage of the link as an opportunity to spread itself.
TechTarget says: “When someone plugs a smartphone into a computer that has been infected, the virus can be transferred onto the smartphone, which can then act as the carrier to infect any other computer that the phone connects to.”
3. Unfriendly ‘Friends’ on Social Media
When they’re not working (and, to be honest, even when they are), where do your business users spend most of their time online? Social media sites like Facebook, LinkedIn, and Instagram are among the most popular destinations on the Internet. It was only a matter of time before hackers decided to go where the people go.
“Oftentimes, cybercriminals go where they have access to the largest pool of victims,” writes Trend Micro. “With social media websites like Facebook, Twitter, LinkedIn and others steadily increasing their user numbers, it’s not difficult to imagine hackers utilizing these platforms to the advantage of their malicious activities.”
James C. Foster, CEO of ZeroFOX, tells Business News Daily that more than three-quarters of all malware and viruses are getting into computer systems via social media.
“People inherently trust social media because the messages are received from friends and recognizable brands, which makes it the perfect avenue to exploit an unsuspecting individual,” Foster says.
4. How to Protect Your Business Network From These Unexpected Threats
Needless to say, as cybercriminals continue finding new and inventive ways to worm their way into your network, increased vigilance on your part is going to be necessary to keep your data safe. Free antivirus software, which is slow to catch on to rapid-fire malware trends, and which users can easily disable on their own, isn’t going to cut it.
I recommend looking into a (tiered security approach, that includes a managed antivirus solution, email scanning services (like Mimecast) that scans attachments, links and identity in emails for today's threat types as well as a DNS service that helps protect users when away from the office . While more costly than just antivirus software, many businesses find that a tiered security approach actually saves quite a bit of money over time. It frees up IT staff to work on other projects, and most importantly, it keeps valuable company data locked down tight.
Learn more reasons for switching to managed antivirus in my article, “Top Reasons SMBs Move to Managed Antivirus vs. Free.”
How Have Viruses Infiltrated Your Business Network?
I’m always interested in learning about the surprising new ways viruses get into business computer networks. Share your experiences in the comments section below.