Recently, there has been an endless stream of news about cybersecurity threats for large organizations, governments and small businesses alike. As IT administrators and service providers bulk up layers of security to respond to the proliferation of threats, it is clear that everyone must participate in keeping their systems and their organization’s data safe.
Here are some quick tips to help employees spot trouble.
First and foremost, always be skeptical. You know your business contacts and their processes. If you get an email from one that seems out of the ordinary (not consistent with normal timing, impersonal salutation, poor spelling / grammar, etc.), call them before you click a link or open an attachment. Ask them if the message is legitimate.
Addresses & Links
Unfortunately, many of the Internet’s core services were not built with security in mind. Much of the information displayed in an email can be easily forged. Links in an email or webpage can show one thing but actually link to another.
Always check the “From:” address on suspicious emails. Often the name displayed will look legitimate but, upon closer inspection, the address is from an unrelated domain.
Before you click a link within an email, let your mouse hover over it to show you where it’s actually going. This will either display right over the link or at the bottom of the window. Typically, a malicious link will display a foreign domain or inconsistent path to what it claims to be (e.g. yourbankname.something.ru, randomsite.com/yourinsurancecompany, 10.10.1.32:5050/paypal, etc.).
Popups & Malvertising
While email is a very common delivery method for malware, websites continue to pose a threat as well. Often the threat comes in the form of a pop-up posing as an anti-virus alert, technical support notice or system error. Even if you’re on a reputable site, cybercriminals can inject these malicious pop-ups into compromised ad networks, a method called “malvertising”.
It’s important to know your technical support and security vendors. If you run into a pop-up that tells you to scan your computer or call a number for support and it’s not a familiar service or number, close out of your browser window. Avoid clicking any of the “Ok” or “More Information” buttons within the window as those can launch malicious scripts. If it is unclear how to close out of the browser or new ones keep popping up, ask for help from your IT administrator or service provider.
An increasingly common method of distributing ransomware / malware is through the use of Microsoft Office file attachments. While most email services filter for viruses within emails and their attachments, these Office files contain macros that, when enabled, go out to the Internet and download the malicious code. Microsoft has put safeguards in it’s more recent versions of Office to keep macros from running without authorization.
Avoid enabling these files for editing if you are not sure where they come from or why you received it. Send files that don’t require editing as PDF as those don’t have the ability to store this type of embedded code.
Unplug & Speak up
Lastly, if you feel like there may be malicious software on your system , don’t hesitate to unplug it from the network and contact your administrator or service provider. Your computer may start to slow down or you will spot files that you can’t open. Those are indications that the malware is trying to infect other machines or encrypt company data. It can only do that if the computer is connected to the network. Often the most damage is done when concern over embarrassment or blame causes inaction.