???????????????????????????????????

JPMorgan Chase and up to four other banks were victims of malicious software cyber-attacks, better known as malware. Malware are programs or applications that disrupt or damage the normal operation of a computer or electronic file system. The intent is to access confidential data or other valuable information for the cyber criminals that created it.

Lack of employee training in cybersecurity is one of the main vulnerabilities hackers rely on to gain access to operating systems. That vulnerability is what contributed to the malware attack on JPMorgan Chase—it was traced back to an infected employee computer that directly linked into the company’s network through a VPN, stealing customer savings and checking account information.

According to Kevin Beaver, information security expert and Preparis X-Force member, “people often create the weakest links in the information security chain. If it’s not a user unknowingly clicking a malicious hyperlink or attachment, it’s a careless IT or security staff member that hasn’t thought through the organization’s information risks and implemented the proper controls to prevent it in the first place.”

With more than 24 years of experience in IT, Kevin Beaver is the author of 11 books on information security including the highly-popular "Hacking for Dummies" and "The Practical Guide to HIPAA Privacy and Security Compliance."

With more than 24 years of experience in IT, Kevin Beaver is the author of 11 books on information security including the highly-popular “Hacking for Dummies” and “The Practical Guide to HIPAA Privacy and Security Compliance.”

Beyond the practical considerations for preparing for a cyber-threat, such as antivirus software, firewalls, and security patches, “one of the best things people can do to avoid malware infections goes beyond the ‘don’t click the link’ advice into more of a mode of situational awareness—knowing what’s where, how it’s at risk, and then doing something about it. Most organizations are deficient in all of these areas and that’s why we keep seeing breaches like this one.” Here are tips to avoid malicious software penetrating your network:

  • All employees should be trained on potential malware threats and how to avoid them.
  • All employees should be shown how to verify antivirus software is installed, current, and active on their computers.
  • All employees should also be educated on how to recognize and avoid social engineering aimed at tricking them into divulging information or installing malicious software.

It is important to remember that “you need to not only educate your users once, but over and over again. That, combined with your IT/security staff fixing the 20 percent of security issues that create 80 percent of the problems, can mitigate malware-related risks.”

Clients can access specific information on malware, including the Malware Checklist and the Information Security training course, in the Knowledge Center of your Preparis Portal. For general information on cybersecurity, you can watch the Cybersecurity for Asset Managers webinar here. Or, get your copy of the Malware Checklist by emailing us at info@preparis.com.