5 Download Habits That Lead to a Ransomware Attack

Once upon a time, you could install antivirus software and go about your merry way online and in your inbox, opening, clicking and downloading files without a care. In today’s digital age, where cybercriminals are getting more and more advanced, relying solely on antivirus software to protect your devices is not enough to stop a ransomware attack. Hackers have become more sophisticated in their methods of attack and can easily circumvent security protocols designed to keep them out. This is especially true if you intentionally INVITE the hack by downloading files that are infected with a piece of code that is specifically designed to bypass your security protocols.

To ensure that your personal or business devices are safe from cyber threats, there are certain things you need to STOP doing immediately. Failure to do so can leave you vulnerable to all sorts of cyber attacks, from your device getting hacked and your data being stolen to your computer being hijacked to launch attacks on other devices.

STOP Downloading Apps From Unknown Sources

There are thousands of free apps available online that are very tempting to download. Hackers are masters at curiosity and “clickbait” designed to nail you in a moment of weakness. To prevent rogue apps and programs from installing, configure your devices to disallow the installation of programs from unauthorized sources. On your phone, ONLY download apps from your device’s respective app store that are tested and forced to meet the store’s security and privacy requirements.

Business owners:

As a business owner, you may have complete trust in your employees and their intentions. However, it IS still recommended to implement strict security measures, including locking down business machines, to prevent any potential harm to your company.

By locking down your business machines, it becomes far more difficult for employees to download any applications or files that could compromise the security of the company. This may include malicious software, viruses, or even untrusted third-party applications that may be designed to steal sensitive information or install harmful malware.

Depending on your business’s specific security requirements, you may choose to implement software tools that can help you accomplish this. For example, you may install endpoint security software that offers comprehensive protection against various forms of cyber threats or deploy firewalls to control inbound and outbound traffic.

STOP Surfing the Web Unprotected, Particularly When Accessing Downloads

This is particularly true if you are on public WiFi. Starbucks is not going to guarantee your Internet connection is safe, nor is any other business, restaurant or location offering free Internet access.

Public WiFi networks are often unsecured, which means that they don’t have the same level of protection as a home or corporate network. This lack of protection leaves your internet connection exposed to snooping, hacking, online scams and phishing attacks. It’s important to note that cybercriminals love public WiFi networks because they offer a convenient way to infiltrate the personal devices of other users. They can then read, capture, and steal data like login credentials, credit card details, and other sensitive information.

Talk to your IT company (that’s US!) about installing more than just antivirus, but endpoint protection solutions, like a VPN, that will “hide” you from cybercriminals and filter out nefarious websites and attacks so you CAN use public WiFi without the fear of inviting a hack.

STOP Opening and Downloading Files E-mailed to You Without Extreme Caution

Phishing attacks via email are one of the most prevalent forms of cyber attacks used by hackers to gain unauthorized access to a network. In fact, according to recent research, phishing remains the #1 way hackers gain access to networks, and these attacks are becoming increasingly sophisticated.

Phishing attacks commonly take the form of fraudulent emails with a clickable link or attachment that once clicked upon, either initiates the download of malicious software or redirects you to a convincing, but a fake website that requires you to enter sensitive information like your passwords, usernames, or credit card details.

One of the most common types of sophisticated phishing attacks is business email compromise (BEC), in which an attacker successfully hacks into a legitimate email account and impersonates the user to send fraudulent emails that appear legitimate to their list of friends, colleagues, co-workers, and their boss. The emails used in these attacks are often tailored to look extremely convincing, often replicating the official logos of well-known brands, to deceive the user into taking an action that will compromise their data, e.g open an infected attachment, click on a malicious link, or enter their login credentials on a fake login page.

So, before you open or download ANY file e-mailed to you, make sure it was one you were expecting. It’s far safer to use IT-managed file sharing like OneDrive, SharePoint or Citrix ShareFile to send attachments. But bottom line, if ANY file “feels” wrong or suspicious about a file download, including a weird extension or suspicious file name, CALL the person who sent it to verify. If it’s important, they can send it again.

STOP Downloading “Bloatware”

It is not uncommon for legitimate and reputable apps to bundle other applications or toolbars that are not necessary for the primary functionality of the app. The app developers may do this as a way to earn more money through sponsorships, where they make a commission every time one of their users downloads an additional app or toolbar.

However, these additional programs or tools may come with their own set of risks and negative consequences, such as malware, adware, or spyware. Therefore, it is important to be vigilant when downloading and installing new apps.

To avoid installing additional programs or toolbars without your consent, look for checkboxes that are automatically checked by default when installing an app. These checkboxes opt you into additional services, which may not be necessary for the primary functionality of the app.

Always read through the installation dialogues carefully before hitting the “Next” button to complete the installation process. Take the time to really review and understand what you are agreeing to when installing the new app. Only install the components that are necessary and avoid downloading programs or toolbars that you don’t need.

Also, make sure the app you are downloading is from a reputable source. Do your research on the app developer, read reviews from other users, and check the app’s rating to ensure that it has a good reputation and is safe to use.

STOP Downloading Software and the Like from Websites Like MediaFire

File-sharing networks have long been known breeding grounds for hackers who want to distribute malicious software to unsuspecting users. Hackers will often post files that have been infected with malicious code or viruses, taking advantage of the fact that users are often looking for free or pirated software, movies or music.

Moreover, ads on these file-sharing sites can also be malicious and can redirect users to suspicious or harmful sites.

Having antivirus software installed on your device is not a guarantee of protection against these malicious files and ads. Antivirus software can only help to prevent and detect known malicious software, meaning that sometimes it may struggle to identify newer or more sophisticated forms of malware.

You should also be cautious when downloading and sharing files and only download files from reputable sources that you know are safe. Even if you’re using torrent sites that are well known, it’s important to be aware that often bad actors can hijack these sites and insert copycat sites loaded with malware, so always stay vigilant.

Business Owners:

After showing this to your team for both their work and personal devices, click here to schedule a quick 10-minute call to find out how we can implement security systems that will give you stronger protections against hackers and against employees who accidentally click on or download a malicious file.