Laptop & Desktop Computers

Okay, let's talk laptop and desktop computers. Attackers will often use a compromised laptop or desktop, or a mobile device for that matter, as a beachhead to gain entry into an office network. The primary threats there include malware and data breaches. Just very quickly I'll mention the different kinds of malware because different ones act differently. One you've probably heard of is called a virus, and that actually requires a little help to spread because it's sort of piggybacking on another file. So you have to open it or click on it or something like that to get it to actually turn on. Another one is called a worm, which will spread all on its own. And there was an infection in early 2018 called WannaCry, which is a type of ransomware. It's a type of malware. We'll talk about that soon, I promise. And that just jumped from system to system without any help.


That's a worm. Another one, which is probably the most frequent one you'll see now, is something called a Trojan, short for Trojan horse. And that's something that looks innocuous or even helpful that has malware attached. Something like you download something from the Internet and there's secretly malware with it. A last one I'll just mention is something called a logic bomb, which is malware with a trigger. Something like when doctor Fred logs in, it clicks on, that kind of thing, or it clicks on at a certain time. Now how do these actually happen? It's a few different delivery methods. One is coming from the web. So basically you click on something and that website is infected, and as soon as you go there it tries to attack your computer. A lot of times they can come through email, either an infected attachment or a link to basically a web-based attack, or it can also be direct access.


That can be either what you'd call infected media - something like an infected stick drive or disc is put into your computer and then it attacks, or you're on the same network with another computer that's been infected and you effectively get attacked through the network connection. Now what are the "payloads"? What can these things do to you? I mentioned ransomware. That's one that will basically encrypt your data and then they charge you to get it back and they don't always actually release it even if you pay, but I digress. You can have something that might spy on your computer, including taking over the camera or reading keystrokes. There's a really nasty thing called a rootkit which can totally control your stuff in the background. There is wiper malware which basically literally destroys the stuff on a network and there's other ones which will sort of co-opt your computer to use it for other stuff.


Something called the botnet, where basically your computer is sort of a zombie and it's getting used effectively and you have no control over that. There's also something called an advanced persistent threat or APT, where someone just sort of sits on your network for a while and just steals stuff quietly in the background. Now often these are bundled together, which is why I'm mentioning all the little variations, because you normally don't get just one. Keep in mind, when you watch TV or a movie and they're talking about attacks, often there's some big alarm or warning. Doesn't happen with real attacks. They're sneaking around your house. They don't want to make any noise. Now another thing to look at is loss or theft outside the workplace. There was a study done by a security vendor called Trend Micro running from 2005 to 2015, and what it found was nearly 41% of all the data breaches it discovered were due to lost devices like laptops, tablets and smartphones.


Another issue is who has access to your work computer? Are you bringing it home with PHI on it? And if so, does your spouse look at it? Can your kids look at it? Not that they're trying to do anything malicious, of course, but that could potentially introduce a new avenue of attack, if you will, if they download something, not realizing it's infected. Not that some super evil hacker is trying to break into your network that way, but a lot of attacks are automated and they'll just suck up anything they can find. So what do you want to do to actually protect your computer? First and foremost, make sure that your software is up to date. This is referred to as "patching." A lot of programs can be set to update automatically. Always do this as the vast majority of malware doesn't go after brand new stuff.


There's a term called a zero day. If you've heard of that, it just means something that hasn't been patched yet. That's actually pretty rare. The vast majority of attacks go after something that's been fixed already because it's easier. A lot of the companies when they put out these updates or software fixes will basically tell people, okay, we fixed these three things. What that also means is from an attacker's standpoint, it's a guide going, "oh great, we'll go after these three things because most people haven't put the patch in place." So with that in mind, if you're up to date, most of the attacks will bounce off your network because it's protected. Now realizing that most systems are either Microsoft or Apple or possibly a third one called Linux, those can be generally set to update automatically. The third party programs, apps, etc, those you have to keep an eye out for.


And there are a few programs that can help with that. One is called the Software Vulnerability Manager from a company called Flexera. Another one is KC Softwares' SUMo, which stands for Software Updates Monitor. There's another one called PatchMyPC. There's another one coming soon from a company called SecTeer, and that's called VulnDetect. Now you don't have to write all these down. I'll put them in the notes, I promise. Now not all programs do update in the background. So what I mean by that is don't forget to turn off or reboot your computer and keep all of your apps up to date because sometimes it'll download it, but nothing happens until you restart the computer. Plus, generally speaking, it's a good idea to shut it down at night because when attackers do go after a computer, it only works if the computer's turned on.


So if a computer's turned off overnight, no one's going to be able to attack it because there's no power. Now, one more thing to mention, Apple computers: not immune to malware. So if you have one, make sure you're taking these steps as well. Now, other things you want to include. If your software has firewalls allowed, turn them on. Firewalls are useful. They're basically like a filter for traffic coming in, and there's effectively like a set of rules: what it allows, what it doesn't allow. It's an extra defensive measure. Always a good thing to have. Antivirus software is also helpful. It's not going to stop everything. The basic way it works is it's looking for snippets of code, basically malware, and if it catches it, it stops it. That type of thing. Like I said, it won't catch everything, but the more layers you have between you and the attacker, the more likely that something's going to catch it.


Another thing to do is something called OS hardening. That's operating system hardening. Basically, any programs, applications, user accounts, etc., that you don't use, get rid of them. You don't need them, because if they're on, they're basically just like an open window in the back of the building that you don't think about anymore. But a burglar can go right through, and just like that an attacker can do that. Also, Admin privileges we discussed a little bit in the network section. That's a basic account in which you can download, modify and delete programs. While that may not sound like a huge big deal, that means if an attacker gets control of one of those, they can do all that stuff on your network and your computer, individually. So that's pretty bad because they can just start downloading malware. They can change things that are on it.


You don't want to have that. Now there's a second type of account that's very easy to set up. It's either a standard account or a guest account, depending on the type of system you're using. Definitely use those. If you don't absolutely need one, do not use an Admin account. And in fact if you do have one, make sure you also have a secondary standard account and leave the Admin account turned off unless you actually need to use it. Because again, it's just terrible exposure for your network. Also a good thing to do is data encryption. Now there's the idea of full disk encryption - which we discussed - versus file-based encryption. Full disk encryption is great in that it encrypts everything on the computer when it's turned off. File based encryption is cool because you can encrypt parts of the data like say PHI when the system is turned on.


So even if somebody's in it, it's still encrypted. A problem with full disk encryption: it's great if someone tries to steal your computer and it's turned off, because then it kicks in. The problem is if it's turned on or someone's in the system, full disk encryption isn't engaged. Now there are two basic types of full disk encryption you can use. Commercial versions of Windows have something called BitLocker. And for Mac computers you have something called FileVault 2. They both come right on the system, and for file-based encryption, there's a lot of different options out there. A lot of them are good. Also, with your computer, if you're remotely accessing your network, and especially obviously if you're accessing anything even related to PHI, but even if not, use something called a virtual private network. A virtual private network is sort of like a tube connecting through bad stuff, and the Internet by nature tends to be a sketchy neighborhood, if you will.


Try to imagine, for example, I'm on one side, let's say you're on the other side of a badly polluted pond, and I need to get you some clean water. So how do I do that? Maybe I'll set up basically a big tube, almost like a giant straw, where I can send the water through to you where it doesn't get attacked by any of the gross stuff in the messed-up water around it. So what that'll do is basically it gives you a secure conduit back and forth. A virtual private network is an electronic version of that. In effect, when you log on, you encrypt on one side, it goes through the tube, comes out the other side, decrypts for you, and you use a password to go through, "poof," and out. Obviously some of these may sound a little technical, so if you need, don't hesitate to bring in a security professional to help you if you're not completely comfortable handling this yourself.

Attackers often use a compromised laptop or desktop (or a mobile device for that matter) as a beachhead (i.e., initial point of compromise) to gain entry into an office network. Primary threats include malware and data breaches.

Malware can attack your network via:

  • The Web;
  • Infected attachments and weblinks in emails; and
  • Previously infected media or a compromised computer on your network

Use protective measures:

  • Keep software patched (up-to-date)
  • Harden your operating systems (known as “OS hardening”) by removing any programs/applications/user accounts you don’t use
  • Limit Administrative privileges to only a few key people
  • Encrypt your data
  • Use Virtual Private Networks (VPNs) for remote access
  • Train your employees to identify malware and suspicious emails
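
The following is an added example, not part of the training material or its notes: a read-only PowerShell posture check that reports on the measures listed above (patching, firewall, antivirus, admin privileges, unused accounts, BitLocker) for a single Windows 10/11 computer. It assumes the built-in Windows cmdlets are available; the BitLocker query requires an elevated prompt and is reported as needing one otherwise.

```powershell
# Added example (not the training's own material): read-only check of the
# protective measures listed above on one Windows 10/11 machine.
$report = [ordered]@{}

# Patching: age of the most recent installed Windows update.
$latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
$report['LastUpdateInstalled'] = if ($latest) { $latest.InstalledOn.ToShortDateString() } else { 'unknown' }
$report['DaysSinceLastUpdate'] = if ($latest) { (New-TimeSpan -Start $latest.InstalledOn).Days } else { 'unknown' }

# Firewall: every profile (Domain, Private, Public) should be enabled.
$report['FirewallProfilesOff'] = (Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' }).Name -join ', '

# Antivirus (Microsoft Defender): real-time protection on, signatures fresh.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $report['RealTimeProtection'] = $mp.RealTimeProtectionEnabled
    $report['SignatureAgeDays']   = (New-TimeSpan -Start $mp.AntivirusSignatureLastUpdated).Days
} catch {
    $report['RealTimeProtection'] = 'unknown (Defender status unavailable)'
}

# Admin privileges: local Administrators membership and whether this session is elevated.
$report['LocalAdmins'] = (Get-LocalGroupMember -Group 'Administrators').Name -join ', '
$report['SessionIsElevated'] = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# OS hardening: enabled local accounts to review; disable any that are not needed.
$report['EnabledLocalAccounts'] = (Get-LocalUser | Where-Object Enabled).Name -join ', '

# Full disk encryption: BitLocker protection status of the system drive (needs admin).
try {
    $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $report['BitLockerSystemDrive'] = "$($bl.ProtectionStatus) ($($bl.VolumeStatus))"
} catch {
    $report['BitLockerSystemDrive'] = 'needs admin (re-run elevated) or BitLocker not available'
}

# Print the findings, then the items that need action.
[pscustomobject]$report | Format-List
$warnings = @()
if ($report['DaysSinceLastUpdate'] -is [int] -and $report['DaysSinceLastUpdate'] -gt 30) { $warnings += 'No Windows update installed in over 30 days' }
if ($report['FirewallProfilesOff']) { $warnings += "Firewall disabled for profile(s): $($report['FirewallProfilesOff'])" }
if ($report['RealTimeProtection'] -ne $true) { $warnings += 'Antivirus real-time protection is off or unknown' }
if ($report['SessionIsElevated']) { $warnings += 'Running day-to-day as an administrator; use a standard account instead' }
if ($report['BitLockerSystemDrive'] -notlike 'On*') { $warnings += 'System drive is not reported as BitLocker-protected' }
$warnings | ForEach-Object { Write-Warning $_ }
```

Run it once from a standard account and once from an elevated prompt; the second run fills in the BitLocker line, and the warnings list maps directly onto the bullet points above.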

Don’t hesitate to bring in a professional if you aren’t completely comfortable addressing a security concern yourself.