Len Penzo dot Com

The offbeat personal finance blog for responsible people.

How Businesses Limit Damage from Toxic Plugins, Software & Hardware

By Tex Freitag

Tech services giant IBM Corporation recently suffered an embarrassment when it was forced to issue an alert on its support site notifying customers that it had shipped malware-infected USB flash drives. The fact that this problem hit a company as large as IBM made it a newsworthy story, but the reality is that infected USB drives, Remote Access Trojan (RAT) hijackings of webcams, and clickable scams are more common than you might imagine.

These infections, hijackings and scams are a growing source of danger for every business. Consider, for example:

  • Cybersecurity expert, Mikko Hypponen, notes that, “Once you gain access to somebody’s system it’s trivial to turn on the webcam and record whatever they’re doing, or to just turn on the microphone and record whatever is being spoken around the infected laptop.” Hackers can gain that access through malware inserted into a link or an email attachment sent to an employee. Hackers can then use the webcam to record everything that is discussed in a business.
  • Almost 10 years ago, a cybersecurity company determined that one-fourth of all USB drives contained infected code and that the majority of new malware was being written to propagate through USB drives. Employees routinely receive drives as promotional items at trade shows and from vendors; so if a company with as many resources as IBM cannot prevent malware from infecting USB drives that it distributes, it is likely that smaller companies will have similar problems.
  • Computer users have become accustomed to seeing frequent notifications to update flash players and other software. In 2016, hackers relied on this to propagate malware through counterfeit flash player update notices that targeted Mac desktop systems. The fake update installed unwanted plugins on the devices when users clicked on the update link.

Browser plugins from legitimate and trusted sources do have valuable uses. A plugin, for example, can integrate a real-time spell checker, or it can perform auto-complete tasks that make it easier to enter data into browser applications. Unauthorized plugins, however, can have more nefarious purposes. They may be merely bothersome, for example, by directing a browser to go to a site that advertises products or services. They can also co-opt a computer into spying on its users by recording sound and video, or through keystroke monitoring that can divulge confidential passwords and personal information.

Businesses should take every precaution to deter employees from installing deceptive plugins in their browsers. Ideally, all browser modifications and all software changes and updates should be centralized in an information technology department that is trained to distinguish authentic update notices from fake ones. For third-party products that do not come from the browser’s original author or distributor, this might include verifying the source and authorship of any plugin and researching the plugin’s history and ratings on message boards.
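One way an IT department could check machines against its list of approved plugins is sketched below; this is an added example, not part of the original article. It assumes Chrome's on-disk layout of `Extensions/<extension id>/<version>/manifest.json`, and the extension IDs, names and the `build_sample_profile` helper are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path


def installed_extensions(extensions_dir):
    """Yield (id, name, permissions) for every extension version on disk."""
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            data = {}  # unreadable manifest: still report the extension ID
        if not isinstance(data, dict):
            data = {}
        ext_id = manifest.parent.parent.name  # directory name is the extension ID
        yield ext_id, data.get("name", "<unreadable manifest>"), data.get("permissions", [])


def audit(extensions_dir, approved_ids):
    """Return every installed extension whose ID is not on the IT allowlist."""
    return [
        {"id": ext_id, "name": name, "permissions": perms}
        for ext_id, name, perms in installed_extensions(extensions_dir)
        if ext_id not in approved_ids
    ]


def build_sample_profile(root):
    """Constructed sample data: one approved and one unapproved extension."""
    samples = {
        "a" * 32: {"name": "Approved Spell Checker", "version": "1.0",
                   "permissions": ["activeTab"]},
        "b" * 32: {"name": "Free Flash Updater", "version": "9.9",
                   "permissions": ["<all_urls>", "webRequest", "tabs"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / manifest["version"]
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


def demo():
    """Audit the constructed profile against an allowlist of one approved ID."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit(build_sample_profile(tmp), approved_ids={"a" * 32})


if __name__ == "__main__":
    for finding in demo():
        print(f"UNAPPROVED {finding['id']} {finding['name']!r} {finding['permissions']}")
```

Broad permissions on an unapproved extension, such as access to all URLs, are a reason to prioritize that machine for review.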

If a business suspects that one or more of its machines has been co-opted to spy on the business’s activities, that machine should be taken offline immediately and analyzed to determine what information it might have provided to an outside source. If customer information was compromised, the customers should be promptly notified of the potential for theft of their financial or personal information.

A good cyber insurance policy can help a business cover the costs and liabilities that inevitably flow from a toxic plugin attack. That policy might cover the costs of replacing affected machines, as well as liabilities to third parties and fines that regulatory authorities can levy if the business is deemed to have ignored cyber threats or failed to adequately protect third-party information. A cyber insurance policy is often the last line of protection against losses from toxic plugins and their malware kin.

Photo Credit: Visual Content

July 14, 2017

Comments

  1. 1

    RD Blakeslee says

    In addition to corporations, individuals are also targeted, of course.

    Right now, there are phishing attacks targeting those who pay for online purchases through PayPal.

    PayPal has one of the most robust fightback systems on the web.

    They want a copy of any suspicious email ostensibly associated with PayPal, to be sent to their fraud department.

    They continuously shut down malicious servers all over the world.

    • 2

      Len Penzo says

      You are absolutely right, Dave. In fact, I think individuals are the primary target. Most corporations worth their salt tend to have very good IT teams that make hacking attempts on them difficult — so it makes more sense for those hackers to go after the little guy since it is more likely to bear fruit.

  2. 3

    RD Blakeslee says

    Should add: Don’t click on anything in the email – just forward it unmodified to PayPal.

Copyright © 2022 Len Penzo dot Com · All Rights Reserved · Designed by Nuts and Bolts Media
