Miley Cyrus is dangerous. That's not a commentary on her music. It isn't even an indictment of her recent twerking antics at the MTV Video Music Awards. Miley Cyrus is one of the most dangerous Web celebrities when it comes to cyber threats according to the McAfee 2013 Most Dangerous Cyber Celebrity report.
Cyber criminals figured out a long time ago that the best bait to use for an attack is a topic that's already trending. When there's a natural disaster, a mass shooting, an international crisis, or a major event like the Olympics or a royal wedding, cyber criminals craft emails and URLs that lure unsuspecting users searching for more information about the trending topic. Thanks to our celebrity obsessed culture, actors, pop stars, and those merely famous for being famous make evergreen temptations for ensnaring victims.
Hopefully your employees are working instead of searching the Web for breaking news about Kourtney Kardashian, but you know they'll do that as well, so you should educate users about the potential threat and share the information from this McAfee report so they can make better decisions.
But the onus is on you to protect your network and PCs. Here are five tips to help you avoid most of these threats:
1. Don't download
Make sure your users know to run away from any sites that direct them to download software in order to view the content. A requirement of third-party software is a good indication the download is malicious.
2. No such thing as a free lunch
Sites that go out of their way to declare that something is free often have a shady agenda. In fact, "free downloads" is the most virus-prone phrase according to the McAfee report.
3. Rely on reliable sources
While it's possible a fan blog could get a scoop on breaking news, it's much more likely that an unknown site will lead to a malicious attack. Teach your users to stick to respected news networks and media outlets and avoid surfing the shady side of the Internet.
4. Don't log in
Some respected media sites have paywalls in place, or some requirement that users log in--especially those wishing to comment or participate in forums -- but users should never provide information to an unknown site. It's that simple.
5. Run security software
You should have up-to-date antimalware software running on your company network and PCs. You should also use browser security tools that can screen for phishing attacks and help users identify and avoid malicious sites. Security software is only as good as its last update, and it may not be effective against emerging threats, but the vast majority of the exploits online aren't that new and security software is an effective defense.