Don’t ‘just trust the logo’: Luke Connolly, a threat analyst with cybersecurity software and consulting firm Emsisoft, said the fact that the FBI has issued a warning is a good indication that this issue is fairly widespread, and should be taken seriously.Defenses, he said, include only using services from trusted vendors, using endpoint protection to scan any files from external sources before opening them, using web protection to block access to known malicious sites, and carefully inspecting the URL of any site with which you’re exchanging information. Do not, said Connolly, “just trust the logo. Scammers use domain names that look convincing, but are not what they appear to be, combining ‘rn’ to look like an ‘m’ at a quick glance.”
IT can mitigate the risk : IT can help mitigate the risk, Shipley added, by addressing the underlying issue. “Understanding business friction pain points like file conversion can help transform the relationship with fellow employees, turning IT and security teams from the dreaded Department of No to the friendly Department of Know How to Do this Safely,” he pointed out.The easy answer, he said, is for IT to make sure regular users can’t install software from unapproved sources and that browsers and operating systems are updated. But, he noted, “that doesn’t stop someone from trying to work around controls if they think they need to do something for their job and the tools are not provided.” For example, they may email the file to their private account and use an unsecured personal device to perform the conversion.The only way to mitigate this risk is through user education, and by providing the tools people need to do their jobs successfully, he added.Ullrich agreed. He said that users should be cautious about the sources of any downloads, sticking to official app stores where possible. And, he added, “an organization’s security team should also support users by offering repositories of vetted tools. Anti-malware may help, but tends to be hit or miss.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3853045/fbi-warns-beware-of-free-online-document-converter-tools.html
