Over the past few months, we have been receiving calls asking for help with virus and malware infections that found their way onto systems through email. The sad fact is that the main route to virus and malware infections is through email. Windows 7 and Vista attempt to help through their User Account Control (UAC) feature by asking your permission when any program tries to make administrator-level changes. However, if you’re too quick to hit the Yes button, Windows 7 and Vista will allow the program to run and do its damage. So what can users do to protect themselves?
- If using Windows 7 or Vista, never disable the User Account Control (UAC) and heed its warnings when running programs you do not know or trust.
- Make sure you have an anti-virus program that scans emails and their attachments. At XSolutions, we use Avast. It scans incoming and outgoing emails and attachments prior to opening or sending them. However, anti-virus and malware programs are not fail-safe. Malicious code does get through. There are people at this very moment creating dangerous code that the anti-virus companies have not yet encountered. So the best protection is user vigilance in addition to an up-to-date anti-virus program.
- Be extra cautious about opening emails from people you don’t know. In fact, if an email is suspicious, delete it. If the email is from a spammer, then blacklist the sender so your email client “learns” that emails from this address go directly to your spam folder, where you can safely delete them without opening them. Incidentally, never disable your spam filter.
- Never respond to email requests for passwords, personal or financial information. These are phishing attacks and are a way for crooks to acquire sensitive information. Trustworthy institutions will never ask you to reveal this type of information, and certainly not through such an unsecure medium as email. Don’t fall for them or your identity can be stolen! Just delete them quickly.
- Never send sensitive information, including credit card numbers and bank account numbers via email. Email is unsecure and easily hacked. Just don’t do it. Ever!
- Hackers possess sophisticated software that attempts to guess your password. The fact is that most people use easily guessed passwords such as harry123, frank678, etc. Also, a lot of people use one main password for everything! So, once the hacker gets one password, he’s got them all. Always use a strong password of at least 8 characters that is meaningless and includes upper and lower case letters, numbers, and symbols. Never use the same password for all of your data (e.g. bank information, credit card sites, etc.).
- Do not enter a list of sites, logins and passwords into a spreadsheet, text file, or word processing document and keep that document on your computer. If a hacker gains access to your PC, he’ll have all of your passwords in an instant. If you must keep this information on your PC, use a good password manager such as KeePass (see download of the month) that uses government-level encryption to keep your passwords safe. It’s free and easy to use. Just make sure you protect it with a strong password as noted above and do not keep that password anywhere on your PC. Oh, and don’t forget it or you’ll never get into that file again.
- Don’t participate in your “friends’ email rings”. You know what I’m talking about, where a group of people share funny jokes, etc. via email with everyone on their list? What a great way to spread a virus or other malware. You see, most people scour the internet looking for these kinds of jokes and funny stories but don’t practice safe internet and email usage themselves. So, they pass around links by email or forward emails from one of their friends to the group. The problem is that the email may be infected or the website that the link points to may pass on a virus to whoever opens it. This helps the virus go, well — “viral”!
- Always use a secure wireless connection so unscrupulous hackers can’t “listen in” on your email communications. Many homes and businesses today are equipped with wireless routers because of the freedom they give by allowing people to log onto the internet without worrying about hard-wired connections. While this is a great thing, be aware that you need to take security precautions because wireless signals can be hijacked.
- It is also a smart business practice to have a Managed Services Provider or MSP manage your computer systems. An MSP, such as XSolutions, can monitor and manage networks, servers, and individual workstations, keeping business systems safe and working at optimal levels. This reduces downtime and lowers IT costs over time. Although an MSP cannot prevent a virus attack, they do provide proactive services to:
  - Ensure that your virus protection is up-to-date and active.
  - Run scans at predetermined intervals to catch any infections that may have gotten through and are hiding and waiting to exploit your system’s vulnerabilities.
  - Make sure all critical Microsoft updates (especially security updates) have been applied.
  - Quickly address issues to minimize damage should an infection occur.
In closing, please be aware that email security also affects mobile devices such as smartphones. Droids and Blackberries can be set up to sync emails with company servers, so what you do on one device affects another. Anti-virus packages are also available for mobile devices. Install and use them, and practice “safe emailing” behaviors as well.
In the war against malicious software, human vigilance is the key, and at the same time, the weakest link. Email is the most prominent gateway hackers use to install infections. Having up-to-date and active anti-virus and anti-malware software in conjunction with good email practices as discussed above should help greatly to reduce the instances of infections. Good luck!