Every popular technology follows a familiar curve. What starts as an obscure, complicated, niche product inevitably gets cheaper, faster, and easier to use.
Malware is no different. Exploits that once required real chops to pull off are now available as ready-built attack toolkits. The only barrier to unleashing one of these things is the user's willigness to break the law.
And there's no shortage of people prepared to cross that line.
Bank accounts are probably the single most popular target for these attackers. Malware like ZeuS and its cousins can infect a system, capture bank login information, and allow a criminal to drain a victim's account in a matter of minutes. Some ZeuS variants will even disable a user's operating system to knock them offline and buy the thief some extra time.
Here's what you as a small business owner need to know: Federal banking regulations protect consumers against financial losses due to fraud. Business bank accounts do not enjoy the same legal protection. While some banks might reimburse a small business that falls victim to malware or online fraud, the vast majority will not.
Think about that for a moment. A single piece of malware on the wrong PC, at the wrong time, could empty your bank account and destroy your business. And there won't be a thing you can do about it.
Those are the stakes. Now here's the solution: A Linux Live CD.
If you have no idea what I'm talking about, don't worry. We'll get you up to speed right now. Here's how security expert Brian Krebs describes the concept:
These are generally free, Linux-based operating systems that one can download and burn to a CD-Rom or DVD. The beauty of Live CDs is that they can be used to turn a Windows based PC into a provisional Linux computer, as Live CDs allow the user to boot into a Linux operating system without installing anything to the hard drive. Programs on a LiveCD are loaded into system memory, and any changes -- such as browsing history or other activity -- are completely wiped away after the machine is shut down. To return to Windows, simply remove the CD from the drive and reboot. More importantly, malware that is built to steal data from Windows-based systems simply won't load or work when the user is booting from LiveCD.
There's the real benefit of a Live CD: Malware like ZeuS never gets a chance to load, so it never gets a chance to attack your bank account. It's the closest thing to perfect security you're going to get in the real world.
(Using a Mac or a regular desktop Linux system can be a good alternative -- malware like ZeuS very rarely targets these OSes. But neither is as safe as using a Live CD.)
Krebs' tutorial on using a Live CD has been around for a while now, but I think it's more relevant than ever. Back in 2009, account-sniffing malware was a curiosity; today it's a plague. And these instant-malware kits, available to anyone willing to buy them, are going to cause the problem -- and the losses -- to explode over the next 12 months.
Here's the bottom line: Don't access a business bank account using a Windows PC. Just don't do it. Ever.
One mistake could cost your business everything, and that's just too high a price to pay. The time you spend learning how to bank using a Linux Live CD might be the best business investment you'll ever make.
Feeling social? Follow me on Twitter @mckenzie_allbiz.
No comments:
Post a Comment