The newest tech threat to sensitive Finance data

Of course your staffers know not to click on attachments or links in emails from unknown senders. But there’s another clicking credo they need to follow – fast.

Say one of your finance team members is researching new software options for your department.  He or she plugs some key words into a Google or Bing search and – presto – an entire list of possibilities comes up.

Your staffer starts clicking down the list and suddenly the screen freezes up. A message appears saying that unless you purchase a specific anti-virus program (even though your machines already have protection) your machine will stay frozen. And it does.

Your company has just fallen victim to the biggest new threat to tech security.

Cybercriminals have upped the stakes and started implanting malware in search engine results. So even the most innocent of web searches can saddle your business with a whole lot of potentially expensive headaches.

In fact, poisoned search engine results are now the No. 1 malware threat on the Web, accounting for 40% of all cyberattacks in 2011.

Worse yet: Malware or spyware could be secretly downloaded onto a Finance machine when a staffer clicked a certain search result … and you didn’t even know it. Now some criminal has access to sensitive financial and employee data.

Keeping your data ‘search safe’

So how can you and staffers guard against this rising and stealth threat?

There are a few signs those search results are suspect and probably should be avoided. Urge staffers to keep an eye out for the following:

1. “Off” domains.  First, encourage employees to only click on sites ending with .com or .net. Odds are very slim a site ending with .IN or .RU has the info your company needs – and may well be malware.
2. Blacklisted domains. There are lists out there of domains that are known to be malicious, so you’ll want to print and distribute to everyone in Finance so they steer clear. (You can find one at: www.mywot.com/en/forum/3823-275-bad-domains-to-blacklist)
3. Watch what the link looks like. See a string of numbers with % signs and it may be a sign of trouble. If a link looks too illogical, it was probably computer generated and one you don’t want to click on.
4. Previews when possible. Google has a feature where you can roll over a link to get a preview of what’s behind it. That’s one thing you want to urge staffers to take advantage – if it doesn’t look legit, they should avoid it like the plague.