Security Awareness: Preventing Virus and Malware Exposure Takes a Team Effort

3.30.16

Spyware, ransomware and virus attacks… it seems like malware, malicious software and viruses lurk around every corner of the Internet. Whether it is a threatening email attachment or a false online advertisement, there are constantly new and subtle ways people can put their systems and data at risk.

 

Most organizations protect their employees and their assets with backups, firewalls, malware protection, anti-virus protection and up-to-date security patches and updates. While this significantly minimizes the risk of attacks and infection, the best security technology in the world can't help unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources… a system is only as secure as its weakest link.

 

Following a few simple strategies will ensure everyone is working together to identify and avoid risks:

 

1. Avoid running any program that has been downloaded from an untrustworthy source or doesn’t have a digital signature. What this means is that when that Security Warning pops up alerting you to an Unknown Source, don’t ignore it. Instead, take the time to scan the file with your anti-virus program, and don’t run it until you can determine whether or not it is dangerous.

 

As a general rule, we recommend that you only download programs from known reputable sites where you can confirm that the program you want to install is malware-free. If you are unsure, it’s always a safer bet to research it first. You can always come back and install it later.
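For IT staff, one way to apply tip 1 before anything gets run: the PowerShell script below is an added example (not part of the original article) that lists executable files in a folder with their Authenticode signature status and the download zone Windows recorded for them. The default folder, the extension list and the `Review` column name are assumptions made for the illustration.

```powershell
# Added example: audit downloaded programs before anyone runs them.
# Assumption: -Path defaults to the current user's Downloads folder.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads')
)

# File types that run code when opened (illustrative list, extend as needed).
$extensions = '.exe', '.msi', '.dll', '.ps1', '.scr'

# Zone IDs that Windows stores in the Zone.Identifier alternate data stream
# ("Mark of the Web") when a file arrives from a browser or mail client.
$zoneNames = @{
    '0' = 'Local machine'; '1' = 'Intranet'; '2' = 'Trusted sites'
    '3' = 'Internet';      '4' = 'Restricted sites'
}

Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        # Signature check: Valid, NotSigned, HashMismatch, NotTrusted, ...
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

        # Read the download zone, if the file still carries one.
        $zone = 'None recorded'
        $ads = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' `
                   -ErrorAction SilentlyContinue
        $match = $ads | Select-String -Pattern '^ZoneId=(\d+)' | Select-Object -First 1
        if ($match) {
            $id = $match.Matches[0].Groups[1].Value
            $zone = if ($zoneNames.ContainsKey($id)) { $zoneNames[$id] } else { "Zone $id" }
        }

        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

        [pscustomobject]@{
            File      = $_.Name
            Signature = $sig.Status
            Signer    = $signer
            Zone      = $zone
            # Unsigned, tampered or untrusted files go to the top of the list.
            Review    = ($sig.Status -ne 'Valid')
        }
    } |
    Sort-Object Review -Descending |
    Format-Table -AutoSize -Wrap
```

A `Valid` signature only shows who signed the file and that it has not been altered since; it does not replace the anti-virus scan described above.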

 

2. Use common sense online. If it sounds too good to be true, it probably is! Don’t get sucked into claims of free vacations, cash prizes or other free giveaways. Completing that survey won’t win you a new iPad. What it will do is give your personal information to the hacker behind the false internet claim.

 

On the other end of the prize spectrum are the scare tactics – messages indicating that you are being investigated by the FBI for illegal activity and you have to pay a government fine, or that you have hundreds of viruses on your computer that must be cleaned up NOW, just click here and all your problems will be solved.

 

These campaigns are designed to scare you into handing over your credit card information. And what’s truly scary is how effective they are and how many people are duped into paying for and installing fake software. Don’t fall prey to these scams. If the FBI wants to contact you, rest assured that it won’t be through a pop-up ad!

 

3. Keep your software and operating system up to date. Pay attention to the software updates that get released and be sure to get them installed. Often you can do this with a simple reboot. These updates provide patches for vulnerabilities and bugs that have been discovered, in many cases because they have already been exploited by a hacker. The update is what provides security against the flaw and is therefore critical to keeping your computer secure.

 

You should also pay attention to the pop-ups issued by your operating system. Windows, for example, will alert you when an unknown source is trying to make changes to your computer, giving you the option to accept or reject the change. Hint – just say NO! These operating systems have built-in standard security measures, so bypassing them is never recommended.

 

4. Always read the fine print. Those user agreements that you NEVER read and always agree to accept? Depending on the source, you could be agreeing to download Adware that is bundled with the free program you just installed. So “free” to you means that the software provider is paying for it through the sale of advertising. At best it’s an annoyance and can affect your computer’s performance. At worst it could be a form of spyware that is collecting and then selling your personal information.

 

5. Security for remote workers. The idea of “the office” is one that has changed significantly over the years. Thanks to mobility and better connectivity, workers can send bids on the train, meet with clients on a screen in a hotel room, and work on project documents at home. The boom in the remote work space allows more work to be done, but it also leads to significant security concerns.

Working remotely means your devices can be stolen, hacked and lost. Lack of encryption, failure to use device passwords, and unsecured network access put you and valuable company data at risk. No business or industry is immune. Threats can even be something as simple as kids at home and shared family domains.

 

Tips to protect a laptop or mobile device

• Keep your mobile devices with you whenever possible;

• Keep your mobile devices in sight at all times;

• Never leave your mobile devices in your car or hotel room (even in the hotel safe!);

• Switch on “Find My Phone” (or tablet);

• Only connect to trusted networks;

• Use a long passphrase as your laptop password;

• Use a good password or a long PIN on your smartphone and tablet;

• Minimize sensitive information you keep on your mobile devices;

• Turn off Bluetooth and wireless when not in use;

• Do not share your laptop, especially with children at home.

 

Tips for protection on public and hotel Wi-Fi

• Remember that open Wi-Fi networks allow hackers to intercept just about everything, so never use public Wi-Fi for sensitive information;

• Do not use the same password for websites and corporate systems;

• Ensure your email connections are encrypted;

• Use a corporate VPN whenever possible.

 

Tips to avoid USB attacks

• Never plug in a USB device without having it checked by your IT department;

• Never permit anyone to plug their USB device into your computer (even “just to charge it up”);

• Do not trust any USB device, even if it appears to be “factory fresh” or received at a conference;

• Do not plug any unchecked USB devices into your home computers either!

 

Other Quick Tips:

• Uninstall Java if you don’t really need it as this is one of the most exploited programs.

• Use complex passwords for your online accounts – passwords should be a minimum of eight characters and contain a combination of letters (uppercase/lowercase), numbers, and special symbols (!, @, #, &, %, *), and you should reset them every 6 months or so. An easy way to remember – treat your password like your toothbrush… don’t let anyone use it, and change it frequently!

• Do not open email attachments from unknown sources or files sent through an instant messenger – this is even more critical given the trend towards attachment-based malware campaigns.

• Don’t give out your details to people who don’t have a legitimate need to know them.

 

If you remain vigilant about keeping your computer’s operating system safe, chances are you will be fully protected.  But because nothing is foolproof and malware is big business that continues to proliferate, it’s always smart to adopt a layered approach to security, and also be prepared for the worst.

 

Your Partner in IT,

 

Mandy Irvine

H5 Networks
