Here’s why email poses a significant cyber threat to your business

Emails aren’t secure and there is no commercial solution in the marketplace to address this. Here’s why:

There are two obvious points of vulnerability with respect to email: the recipient and the sender. Most malware is designed to penetrate email accounts and as we have mentioned in previous blogs, it is becoming increasingly easy to guess passwords.

The less obvious, but equally vulnerable points of entry for a hacker are the network and the server. Just say your service is Outlook.com and you send an email to someone using gmail, which are two typical email providers for small businesses. Each connection between email providers involves multiple switchers and routers which are controlled by different entities. It only takes one of the networks to be vulnerable in order to expose your sensitive email to a third party hacker. Similarly, the ISP’s store your email on servers that are also constantly under hacker attack. As a general rule, ISP’s do not spend the resources to encrypt the emails that are stored to their servers.

There are some companies with promising technologies to enable encryption, but at this point, we have not seen a solution that addresses the fundamental vulnerabilities described in this blog posting.

What to do about ransomware (part 2)

This is the second part in our series on ransomware. The first blog article is here.

As a general rule on this blog, we provide solutions that are executable for most of our audience. In the case of ransomware, our guidance is simple.

1) Under no circumstances should you pay the “fine” – no matter how small. Your computer is being held ransom by criminals and there is no reason to believe that if you pay the ransom, they will release it to you. If anything, you have now provided your credit card information to criminals. Even if you have paid the “fee” and your computer appears to be operating normally, the likelihood is that the criminals are planning further attack or have infected your PC for some other nefarious purpose.

2) Ransomware is a relatively sophisticated form of malware and we strongly suggest that you take your PC to a data recovery professional who has experience with ransomware.

How to get remove ransomware (part 1)

Ransomware (also known as scareware) is a class of malware that restricts you from using your computer until you pay a fee (“ransom”) to the creator of the malware. The two classes of ransomware are encryption ransomware that encrypts the files on the hardware preventing you from accessing them without a password and lockscreen ransomware which locks the screen and displays an image or webpage until the fee is paid.
Most ransomware mascaraed as legitimate law authority that claims to have detected illegal actions on your system. In order to avoid legal sanction and to regain access to your data, you are required to pay a fine.

Next: What to do if you have been attacked by ransomware