June 6, 2018

    5 Steps to Take Post Malware Attack

    As the programs you use to protect your information get more sophisticated, so does the malware designed to steal from them.

    Malware, or malicious software, is used by hackers to gain authorized access to data. Malware has been around for a while – think computer viruses – but methods are growing more advanced each day. Now, hackers use stealthy methods like Trojan horse software designed to look like a legitimate website or ransomware which requires users to pay a ransom while hackers hold their data hostage.

    You’ve probably seen numerous articles talking at length about the different ways to secure your data and protect yourself and your company. But, what happens if the damage is already done? Whether you’re cleaning up from a malware attack or you just want to be prepared for the worst, you need to have an plan for what to do when a breach occurs.

    Before you can take action, you need a full understanding of the risks associated with a data breach and why it’s too important to keep your FTP passwords safe.


    Compromised Passwords: How You Could be at Risk

    First, let’s look at what is really at risk when your passwords are compromised. It’s more than just the inconvenience of changing your password. Your entire business operation could be compromised.

    When malware steals passwords, you may think that when an attack occurs, you’ll notice immediately. In fact, these malware attacks are not usually aimed at copying your files from your FTP site. And, these attacks are not typically followed up by any downloading of sensitive files – initially. Instead, more often than not, a small file will be uploaded and deleted, with the hackers noting the vulnerability that exists in your account for later use.

    Ultimately, these hackers use malware to gain access to content that is then published to a web server. That content can be later used in a phishing attack. Because you don’t want your files to be exposed to this kind of access, it’s crucial that you find an FTP solution that doesn’t expose your workspaces or files to the web.


    Cyber attacks put 60% of small companies completely out of business!

    Did you know your employees are your greatest risk?

    Get Your FREE Data Security Training Guide


    5 Steps to Take Once Your Password Has Been Compromised

    If malware steals passwords for your FTP solution, there are a couple of ways you could find out. A top FTP provider, FTP Today for example, has experts who constantly monitor your file uploads for suspicious activity. If they detect a suspicious test file upload by a hacker, like mentioned above, they’ll immediately blacklist the hacker’s IP address. FTP Today also provides Transfers Report, where you would see if this type of file had been uploaded.

    Once a breach is detected, you can take action. Here are some steps you should take once you realize you’ve lost control of your FTP passwords.


    1. Change Your Passwords and Enforce Strict Password Policies

    First, initiate a company-wide master password reset. This will immediately kick anyone out of your FTP solution who shouldn’t be in there. When passwords are reset, make sure they align with your password policies to improve password strength. Require all new passwords to have the following elements:

    • 8+ characters
    • Capital and lowercase letters
    • Special characters
    • Original password (not reused from other accounts)
    • Non-personal information

    You should also set expiration dates on passwords, so this doesn’t happen again. Frequent changes, like once every 90 days, maintains password security.

    Finally, you should reevaluate your password protocols regularly, and update them as needed. Because hackers are always changing their methods, updating your policies will keep them relevant for increasingly advanced attacks. Be sure to communicate these policies to your employees so a breach is less likely to happen.


    2. Upgrade Your FTP Client Application

    In the same vein, your FTP application needs to keep up with new malware attack methods, too. Update your FTP client application to ensure you’re not using an outdated version full of vulnerabilities. Your FTP host – if you’ve chosen a good one – can recommend a solution that is updated frequently to ensure it’s harder than ever for malware to steal passwords.

    In the past, older FTP client applications you might have used likely stored all your FTP login credentials in plain text files, making it easier for data to be stoles. Newer versions of commercial software typically encrypt the data with another master password, adding a layer of security to your file sharing process. But, be forewarned, freeware apps will still store your passwords in plain text and cache recent entries.


    3. Scan For and Remove Any Found Malware

    If you’re the victim of a data breach and malware steals your password, you have a number of tools at your disposal to identify and remove the malware. One such tool is Malwarebytes, a cybersecurity and anti-malware solution. A tool like Malwarebytes will scan for any malware and remove it from your device.

    This tool is affordable both for individuals and businesses. There is a free version for individuals who want to see if their data has been compromised and an upgraded version that costs a small annual fee depending on the number of devices you need scanned. For businesses, there are a variety of different plans you can invest in for a few hundred dollars each year.


    4. Enable Multi-Factor Authentication

    Now that you have eliminated the problem, you need to take steps to prevent malware from stealing your passwords in the future. One such proactive measure is adopting multi-factor authentication methods. This uses another form of authentication to verify a user’s identity when they log into your FTP solution.

    A code is sent to the user’s phone via text message or to an email account. Multi-factor authentication can also come in the form of a correctly answered question only the user would know (i.e. mother’s maiden name). Once the code (or answer) is entered, the authorized user has access to your FTP solution.

    The greatest benefit of multi-factor authentication is that even if your password is hacked, you will get a one-time password sent to you via SMS or email. This lets you know someone has your password, and the attempted login will not be successful.


    5. Enable IP Restrictions

    Finally, IP restrictions are a great way to prevent unauthorized users from accessing your FTP solution, even if they have a valid password when they’re attempting to do so. When you enable IP restrictions, you can ensure your solution is only accessed from approved locations. Each account has access permissions that should be limited to specific IP addresses, so no one can log into your account from an unknown location.

    When malware steals passwords, your strongest partner to regain security is your FTP host. They’ll know how to handle the data breach, and they’ll be able to help you avoid the compromises in the future. Talk to your FTP host about prevent malware stealing passwords, or choose a new FTP provider who you believe can help you keep hackers at bay.

    Take steps to make sure your data is secure. Download this free training guide now to help educate your employees on data security best practices.

    New Call-to-action

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts