Q: One of my customers recently fell victim to a suspicious download from a fraudulent website. How can I prevent this in the future?
Attacks through websites are not uncommon. As cybercriminals become more sophisticated with attack vectors such as drive-by downloads and malvertising, it has become increasingly difficult for users to detect malicious websites or harmful threats hidden in reputable websites that they have previously visited.
In 2019, Google security researchers identified a number of malicious websites that exploited several zero-day vulnerabilities. While these websites were primarily used to hack iPhone users running iOS versions 10 to 12, it was later found that the capability could be extended to Windows operating systems for desktop PCs.
The most effective protection you can offer your customers is often in education. Teach them how to spot a phishing website. Here are some tips you can share with your customers’ end users:
- Check the URL before clicking – No matter how the website URL was sent to them, users should always inspect the link for telltale signs of a malicious website:
  - Malicious websites often mimic a reputable website but with unnecessary added words and domains. To inspect the URL, simply hover the mouse pointer over the hyperlink. The URL will display in its full form.
  - The source that shares the link with them is also something to pay attention to. Make sure they know the person who sent them the URL. If it came from an email, educate them to hover over the sender’s name to inspect the email address. If it was a social media share, it is best not to click on the URL. They can explore other methods to get to the URL that give them more control for URL inspection.
- Once the URL is clicked – Users should always check the website before entering any personal information or login credentials. There are a few things to look for to ensure the website is credible:
  - Is the website SSL or TLS certified? SSL/TLS certificates encrypt sessions and protect the information sent between browsers and web servers. To verify the SSL/TLS certificate, hover over the lock icon beside the web URL and select certificates.
  - Is the URL a homograph? Copy and paste the URL in a new browser to test its authenticity.
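The URL checks in the tips above (added words and domains, homograph characters, missing HTTPS) can also be automated, for example in a mail or helpdesk workflow. The following is an added example, not part of the original article; the `KNOWN_BRANDS` allow-list, the function names and the sample URLs are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list (assumption): brand keyword -> its real domain.
KNOWN_BRANDS = {"examplebank": "examplebank.com"}

def decode_label(label):
    """Turn a punycode ("xn--") label back into the Unicode a user would see."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label

def scripts(text):
    """Scripts of the letters in text, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def inspect_url(url, brands=KNOWN_BRANDS):
    """Return warnings for a URL; an empty list means none of the checks fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ["no hostname"]
    warnings = []
    if parts.scheme != "https":
        warnings.append("not HTTPS")
    display = ".".join(decode_label(l) for l in host.split("."))
    if not display.isascii():
        warnings.append("non-ASCII hostname (possible homograph): " + display)
    if any(len(scripts(l)) > 1 for l in display.split(".")):
        warnings.append("mixed scripts in one label")
    for brand, real in brands.items():
        if brand in host and host != real and not host.endswith("." + real):
            warnings.append(f"'{brand}' used outside {real}")
    return warnings

# Constructed sample URLs; the second uses Cyrillic U+0430 in place of "a".
SAMPLES = [
    "https://www.examplebank.com/login",
    "https://ex\u0430mplebank.com/login",
    "http://examplebank.com.secure-login.example.net/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", inspect_url(u) or "no warnings")
```

An empty result only means these particular checks did not fire; it is not proof that a site is legitimate.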
Beyond the human layer of security
In addition to educating your customers’ end users, you should employ multi-layered security measures. For example, include web security as part of your managed services offering. With a web security solution enforcing security, MSPs alleviate the risk of human error.
Most web security solutions on the market offer many benefits to protect users from malicious websites. The key features MSPs should look for include advanced DNS filtering and URL filtering for users, a reputable threat intelligence network that the web security solution can draw on, and integration with a remote monitoring and management tool for ease of management.
Not only can a web security solution protect users from web-borne cyberthreats, but it can also help MSPs and their customers define proper web usage for their users, which ensures consistent cybersecurity governance. As always, a combination of security technologies and educational awareness training will provide the best cybersecurity defense for all clients.