Arm your business against cyberattacks

August 2017—

1 in 3 retailers has been hit by a cyberattack—could your store be next?

Furniture retailers face an increased security concern with the rise in information augmentation on cloud-based platforms. You’re potentially exposed to the threats of malware-infected programs and cyberattacks (malware is software intended to damage or disable computers and systems). Almost one in three retailers has been the target of cyberattacks according to Cisco’s Annual Cybersecurity Report published earlier this year.

Panda Labs, a malware-detecting company, reported the capture of 18 million new malwares in the second quarter of 2017. That’s 200,000 malwares per day. An even more alarming fact is that these malware files were reported by just one company, which then begs the question as to how many companies and retail businesses have network infrastructures where malware goes unnoticed.

In addition to viruses and Trojan horses, ransomware attacks are on the rise. Ransomware is a type of malicious software that blocks access to your data or threatens to publish or delete it until a ransom is paid. There were 300-percent more ransomware attacks in 2016 than 2015; more than 4,000 daily attacks and they’re expected to increase this year.

These statistics show there’s a high probability of both individual users and retail businesses becoming victims of cyberattacks. What do retailers plan to do about this threat? Apparently, not much.

Barkly, an online defense software company, surveyed companies that had already been exposed to a cyberattack and asked what plans they had to protect themselves moving forward. Fifty-two percent of those companies said they weren’t willing to make any updates or changes to improve their security systems even after encountering an attack.

Why are companies reluctant to make any changes after they’ve been exposed? The biggest reason is because malware is ubiquitous and companies don’t pay attention unless a serious threat is posed. The real concern for organizations starts when there’s a possibility of data or information infiltration.

Four out of 10 organizations that were surveyed by Barkly reported they would not be concerned to find malware at their endpoints. However, 78 percent reported they’d be extremely concerned and consider upgrading the security systems in case of data theft caused by a malware cyberattack.

5 steps to ID malware:

Malware seems inevitable and even with antivirus software installed the chances of being a victim of cyberattack are not completely eradicated.

This is primarily because malware is regularly updated and the antivirus software is incapable of detecting these programs. Many businesses neglect to upgrade their antivirus software continuously, which renders it incapable of performing its function of identifying infected files effectively.

How can you successfully identify malware infections? Here are a couple of red flags to look for:

  1. The system slows down. Malware hinders the performance and functionality of the system and the result is a slow processing unit. However, it’s important to note that malware isn’t the only cause for a slow system.
  2. Unwanted pop-up windows. Pop-up windows are usually infected with spyware. If you see a pop-up from an unauthenticated or dubious site, navigate clear of that window without clicking it, as this can sometimes infect several systems throughout the network.
  3. Automatic change in homepage. A toolbar appears out of nowhere or you’re redirected to a specific website again and again; these are clear signs of a presence of a malware.
  4. Automatically appearing prompt. The prompt windows start appearing on your screen out of nowhere. Strange files start downloading without you running the installer program, windows will shut down, restart or crash on its own or you’ll observe strange hardware activity. For instance, suddenly, your hardware runs out of space. All these activities prompting on their own without external command or output indicate the presence of virus infected files in the system.
  5. Logged-in accounts report automatic activity. Viruses and malware infected files try to disable the system’s security system and infiltrate personal accounts and data. Your contacts as well as customers will be receiving malicious messages or emails from your accounts without you prompting them of course.

Once you suspect or verify that you have a malware problem, what’s next?

5 ways to remove malware:

  1. Scan for viruses and malwares. The process of cleaning an operating system of any possible malware and infected files starts with scanning.Scanning will detect malware threats or technical issues that compromise performance and security.
  2. Install and run multiple antivirus programs. If a malware is left undetected by one program it can be detected and removed by another.
  3. Enter safe mode. Some malware programs are prompted to be automatically installed as soon as the system starts. Safe mode allows only a couple of basic operations to be performed and restricts all other advanced functions. Safe mode will restrict automatic download from happening and you can easily remove infected files from your computer. This is especially helpful for systems on the employee network.
  4. Create a backup for your files and customer data. Your information and data is of prime importance. Don’t forget to create a backup before running an antivirus program.
  5. Update your operating system and have employees change all their passwords. Don’t think the threat of cyberattack is eliminated once you’ve cleaned your network of malware.

You’ve discovered the malware and gotten rid of it; now what?

5 ways to prevent attacks:

  1. Update your server system regularly. Operating systems have built in security functions and regardless of the popular belief these updates are not useless. When users cannot see and identify any significant differences in the updated programs they render those updates pointless. However, users are not aware about the programming happening at the backend. The same is true for company servers. Even when there’s no apparent change in the operating system the security system in updated algorithms is improved.
  2. Control plug-ins. Unidentified plug-ins are a major cause of infecting your system with malware. Your system is at a higher risk of cyberattack if you have enabled automatic download of plug-ins. It’s imperative to control and manage pop-ups and plug-ins across your entire network to minimize the chances of cyberattack.
  3. Install multiple antivirus software and keep them current. This is probably the most obvious precaution, but also one that’s overlooked. This improves the security of your system in protecting it against the malware. Even better is to install an antivirus that is geared specifically towards retail businesses.
  4. Run regular scans on your operating system. Installing anti-malware software isn’t going to do anything on its own if you don’t use it. It’s imperative to run regular scans on your operating system to minimize the risk of any malicious virus hampering with the productivity of your system, especially when you have customers awaiting timely deliveries and updates.
  5. Be wary of malvertising. Malware emails are the most common source of getting an infected malware file into your network. Avoid opening suspicious emails; before clicking any link put your cursor over it to see where the link is taking you.

Another option is investing in a cyber-security solution. If you choose that option, be sure to look for a solution that takes care of emails, internet traffic and internal network security; uses a sandbox environment to detonate emails with bad attachments or content; has internet web filtration that takes care of access while working within a corporate network; and offers desktop and mobile device protection strategies to eliminate the vulnerability risk of getting infected.

The key to security—be it cyber or otherwise—is to be proactive rather than reactive.

About the Author

Amitesh Sinha
Amitesh Sinha has gained a reputation for inventory software solutions. He can be reached at amitesh@iconnectgroup.com