While neither ransomware nor malvertising is a new threat, today’s incarnations are nothing like what you’re used to dealing with.

Cybersecurity experts are placing both of these threats near the top of their watchlist for 2017 — and with good reason. Ransomware is known for being an exceptionally sneaky form of malware, and it’s picked up a few new tricks. Meanwhile, malvertising has found a way to hide in plain sight, in the last places you’d think to look for it.

Ransomware has been relying heavily on tactics like phishing scams to get past businesses’ security measures. A new trend we’re starting to see centers on Secure Sockets Layer (SSL). SSL verification is a relatively simple way for businesses to protect customers by making sure they know they’re accessing a legitimate site and not a clever knock-off created by a cybercriminal. Now, hackers are leveraging SSL technology themselves, using encrypted communication, as well as packets and links, to get their malware into secured networks.

Where malvertising is concerned, ad blockers and content filtering work well to keep malicious content at bay, but have started to create some problems of their own.

When ads that appear in search results or before streaming videos can’t load because of these filters, it can cause major headaches for anyone trying to access the content that follows the ad. This leads users to disable their filters or blockers, potentially allowing malvertising to run on their systems.

Another major issue is the appearance of these malicious ads on legitimate and well-known websites. Roughly 27 percent of today’s most popular websites have malvertising embedded on them at any given time. An employee browsing on CNN, for example, could easily click on an infected link without even realizing they’ve done something wrong, because we expect big-name sites to be immune to these kinds of security breaches.

The real concern with this hidden-in-plain-sight malvertising is that it’s extremely difficult to control which ads get posted.

Ads appear on web pages because a third party has paid for the opportunity to advertise its product or service on a site, and unless each and every piece of advertising is checked thoroughly by the site owner, there is no way of knowing what an ad might contain.

But there is some good news here.

It’s still possible to foil a hacker’s attempts at using malvertising against you by drilling a few smart browsing behaviors into your staff. First, make sure they understand the importance of using their work computer for business-only web activity — or at the very least know to never visit an unfamiliar website. Second, instruct employees to never use an ad or link to reach a website. For example, if they really need to take advantage of that great Amazon sale on their lunch break, they should navigate directly to Amazon’s site and search for the product there.

To avoid both ransomware and malvertising, the most important thing to remember is that you need to be cautious at all times.

Assuming an email came from a legitimate sender just because it looks right, or that a website is secure just because it’s owned by a major corporation, is no longer safe in 2017.

