
Article: Everything is Broken

Posted: Sun Dec 28, 2014 5:44 pm
by FlyingPenguin
Great article, and so true. Honestly, this is why I decided to semi-retire. I dropped all my business clients and just do residentials now. The way the world is now EVERYONE gets hacked - and there's really little hope for a small business that can't afford a full-time admin.

The worst businesses are small attorneys' offices. The big firms can afford to hire (hopefully) a network admin. I have yet to meet an attorney, with his own office, who takes computer security seriously. These idiots (and their staff) will open ANY attachment, never use secure file sharing services (they email everything in the clear - even the most confidential of files) and are usually using 8-year-old computers because - despite the fact that they charge $250 an hour - they're too cheap to upgrade their equipment (not too cheap to buy a new sports car though). They are ripe for every spear phishing attack on the planet.

I know WTF I'm doing security-wise, and I hide behind layers of security, and use NoScript in my Firefox browser (which is REALLY painful and inconvenient, I might add), and even so, I worry about getting hacked, because all it takes is one lousy zero day.

https://medium.com/message/everything-i ... e5f33a24e1

Posted: Sun Dec 28, 2014 7:45 pm
by Losbot
Good read.

Tell me about it! I see it first hand, running the IT for a law firm. MY GOD!! These morons will open anything and everything they get into their inbox so I've had to create layers of protection.

Posted: Sun Dec 28, 2014 7:53 pm
by wvjohn
It's a good article. You can add small medical practices to the list of targets since they have to do all their billing electronically.

Posted: Sun Dec 28, 2014 11:09 pm
by FlyingPenguin
Yeah, medical practices were a bit of an issue, but attorneys are worse. Attorneys EXPECT to receive PDF attachments in emails all the time and they are suckers for spear phishing attacks.

It doesn't help that Microsoft, by default, hides file extensions. That's the very first thing I disable on ANY client's computer. Otherwise they're easy suckers for the old DOCUMENT.PDF.EXE attachment scam.

LOS: I dunno how you do it man. If I was the admin at a law firm, I'd lock down EVERYTHING. I'd whitelist websites, I'd make all users limited users, and I'd be monitoring network traffic 24/7, and I'd STILL be crapping bricks every morning worrying about things that probably got through despite all that. That's a high-profile target you work at.

As an aside, it REALLY pissed me off the last time I had to deal with an attorney, and she's sending all kinds of confidential documents in the clear as email attachments. Like that boilerplate footer about not reading this document if it's not meant for you is some sort of mystical protection charm. LOL!
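
Added example, not part of the thread: a mail-gateway style check for the DOCUMENT.PDF.EXE pattern mentioned in the post above. It flags attachments whose real extension is executable while the name displayed with extensions hidden ends in a document extension. The extension lists, function names and the sample message are constructed assumptions.

```python
import email
from email import policy

# Assumed lists for illustration; a real gateway policy would be broader.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def classify_filename(name):
    """Return 'deceptive', 'executable' or 'ok' for an attachment name."""
    parts = name.strip().lower().split(".")
    # Normalise each extension, tolerating stray whitespace around it.
    exts = ["." + p.strip() for p in parts[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # With extensions hidden, "document.pdf.exe" is shown as "document.pdf".
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
        return "deceptive"
    return "executable"


def scan_message(raw_bytes):
    """Return (filename, verdict) for every attachment that is not 'ok'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_filename(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


# Constructed sample message with one disguised and one genuine attachment.
SAMPLE = (
    b"From: sender@example.com\r\nTo: staff@example.com\r\n"
    b"Subject: Signed contract\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="DOCUMENT.PDF.EXE"\r\n\r\nxx\r\n'
    b"--b1\r\nContent-Type: application/pdf\r\n"
    b'Content-Disposition: attachment; filename="brief.pdf"\r\n\r\nxx\r\n'
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for filename, verdict in scan_message(SAMPLE):
        print(f"quarantine {filename!r}: {verdict}")
```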

Posted: Mon Dec 29, 2014 3:58 am
by normalicy
At a company I worked for a good 12 years ago, none of the computers were allowed to run executable files.

Posted: Mon Dec 29, 2014 12:10 pm
by Losbot
FP: I just try to add layers of protection PRIOR to it getting to them. I have everything scanned coming in and out. No exceptions.

I can't stop these idiots from opening things they shouldn't, so I do what I can to make sure it doesn't even get to them to begin with. It also helps that they compensate me very well to put up with their "Ooops" moments.

SIGH

Posted: Fri Jan 02, 2015 5:41 pm
by revo1059
I currently have our Barracuda spam filter quarantining almost all attachments. My tech or I review what it is, then send it on its way; that's how much I trust everyone here......

Posted: Sat Jan 03, 2015 12:59 am
by ZYFER
There is no way to protect yourself perfectly, just like there is no way to know if you step off that one curb, that a bus will take you out or not. But simple smart browsing and a little common sense goes a long way.

Dumb people who open attachments from people they don't know? I mean seriously? You'd be surprised... That and all the ones getting crap on their computer from viewing porn sites. For all those people who think their Mac is the most secure computer in the world, they are just fooling themselves.

Their low market share just isn't worth the effort. Much better to go after a whole ocean of fish than a pond of a few fish.