Читать книгу Start-Up Secure - Chris Castaldo - Страница 20

You receive a phone call from an individual at a venture capital firm you've been speaking with about participating in your next round. They tell you they're sending an email with a link to their secure portal to access the terms sheet. You get an email a few minutes after you hang up the call, click the link, it prompts you to log in with your Microsoft O365 credentials. Once logged in you try to open the document and get an error. You call the number back and get a message saying the number is not in service. Suddenly you get a frantic text from your co-founder that production is down hard. You've fallen victim to pre-texting and credential compromise. Since your credentials also worked in your cloud provider account the attackers were able to ransom all of the data in your production database.

In these scenarios, both social engineering and vulnerability exploitation came into play. The email enticed you to open it and then open the attachment. The attachment then contained an exploit that gained special privileges on your computer and encrypted all of your data. The phone call made the email you received shortly after seem more legitimate. While there is no software update that can prevent you from opening the email and attachment, you could possibly prevent the opened document from harming your computer.

All of the five applications I mentioned receive frequent security updates, some more than others. These are just as important to apply as the ones for Windows or MacOS. Some applications will have the ability to automatically download and install updates, but most will not. This will require a small amount of effort on your part to make sure your most used applications are up to date. I recommend checking updates for your web browser, like Chrome, Firefox, and Safari, and any productivity applications, like Word, Excel or PowerPoint. And if you use an email client on your computers, like Outlook or Thunderbird. These types of applications should be updated as quickly as possible; vulnerabilities are constantly discovered since they are the easiest way to compromise a system.