Cybersecurity Awareness Month – Malicious Websites

Malicious websites are everywhere

Traveling on the Internet from site to site carries a certain risk of attack. Malicious websites pop up out of nowhere, or worse, trusted websites are compromised and infected with malware to attack unsuspecting visitors. How can you feel safe surfing the internet? With these practical tips from CyberHoot, we can help greatly reduce your chances of falling victim to a malicious website on the Internet.

First, be careful when visiting websites to avoid clicking on a website you accidentally type into your web browser. If you accidentally type in a bad address, hackers may try to steal your credentials inside domains with typos. Visiting such a site may cause you to give your login credentials to a hacker and then you are in serious trouble.

Even if you’re careful where you go, sometimes a legitimate site can be compromised and host malicious code that it will push onto your computer when you visit. The best fix to protect you here is to always patch your computer and browser. Do not ignore this message in the browser that says “Restart your browser to apply necessary fixes.” Do the same for all your applications and your operating system. Good system hygiene is built on regular maintenance of your devices. Don’t forget your IoT devices (smart TV, security systems, refrigerator or anything with internet connection).

Third, you should consider adopting domain name services that filter out malicious websites. There are free DNS protection services that can help protect you personally. Businesses should consider paid services. Below is a list of highly rated services on G2. Explain how these The work of DNS protections is studied hereBut suffice it to say, you won’t be visiting as many dangerous places with these solutions.

Beyond these measures, CyberHoot warns you about visiting nefarious sites that may not have a business need or that typically host malware. Stick to reputable sites instead of clicking on anything that pops up in searches or ads in your browser. Adware is another nuisance that can lead to problems.

With CyberHoot you can learn about much more than how to avoid malicious websites or URLs. You will learn about password hygiene, why the password manager is so important and how to identify and avoid phishing attacks. Additionally, you can hire CyberHoot vCISOs to help you implement all of the cybersecurity best practices listed below.

CyberHoot Best Practices:

1. Train your employees on the common attacks out there. From weak passwords and password managers, to the importance of multi-factor authentication and how to spot phishing attacks. Awareness is the key to protecting your business.
2. Control your employees with a cybersecurity policy, including acceptable use, password, information handling, and a written information security policy.
3. Establish cybersecurity best practice processes, such as the Vulnerability Alert Management Process (VAMP) and the Cybersecurity Incident Management Process (CIMP) to guide and require action in response to an emergency. Then move on to the onboarding and offboarding processes, SaaS management processes and third party risk management.
4. Create strong technical defenses including: firewall, anti-virus, anti-malware, anti-spam, multi-factor authentication on all critical accounts, enable full disk encryption, manage keys carefully, and most importantly, adopt, train and require all employees to use the manager Passwords.
5. Test employees on how to spot and avoid phishing attacks. CyberHoot has released a disruptive method of Phish Testing to fill your employees’ knowledge gaps without punishing them for failure. Instead we reward them for success. More information is available here.
6. Back up your data by following our 3-2-1 backup methodology to ensure you can recover your business from a cyber security incident.
7. In the modern age of working from home, make sure you manage personal devices that connect to your network by verifying their security (patching, antivirus, DNS protections) or completely banning their use.
8. If you haven’t had a third-party risk assessment done in the last two years, you should do it now. Establishing a risk management framework in your organization is critical to addressing your most difficult risks with your finite time and money.
9. Buy cyber insurance to protect you in the event of a catastrophic failure. Cyber ​​insurance is no different than car, fire, flood or life insurance. It’s there when you need it most.

CyberHoot believes that for many SMBs and MSPs, you can greatly improve your defenses and the chances of not becoming another victim of a cyber attack if you follow the advice above.