This question comes up often: “Can I get infected by opening a PDF document?” Many assume that since PDFs cannot be easily edited, they can’t carry malware.
The above assumption is false. Criminals use PDFs to launch malware attacks, including ransomware. However, there are safe ways of viewing PDF documents. Let me explain.
Criminals Can Weaponize PDF Documents
There’s more to a PDF document than what users see. For instance, PDFs can be embedded with:
- Commands and Objects – PDFs can execute system commands. They can also contain objects to hide code.
- Malicious Files – PDFs can contain other files. Often, PDFs contain compromised MS Word documents. Once opened, macros infect the target.
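To make the two items above concrete for triage, here is an added example (not from the original article) that counts the PDF name tokens associated with automatic actions, JavaScript and attached files in a document's raw bytes. The token list is a selection made for this example, and the sample bytes are constructed.

```python
import re

# Name tokens from the PDF specification tied to the two risks listed above.
RISKY_NAMES = {
    "/OpenAction": "action that runs when the document opens",
    "/AA": "additional actions fired by page or field events",
    "/Launch": "action that starts an external program or file",
    "/JavaScript": "embedded JavaScript",
    "/JS": "embedded JavaScript",
    "/EmbeddedFile": "file attached inside the PDF",
}
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def scan_pdf(data: bytes) -> dict:
    """Return {name: count} for each risky name token found in raw PDF bytes."""
    if b"%PDF-" not in data[:1024]:
        raise ValueError("not a PDF: no %PDF- header in the first 1024 bytes")
    # Names may be written with #xx escapes (/J#61vaScript), so decode first.
    decoded = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)
    hits = {}
    for name in RISKY_NAMES:
        # Reject longer names: /JS must not match /JSON, nor /EmbeddedFile
        # the /EmbeddedFiles name-tree key.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9_.\-])"
        count = len(re.findall(pattern, decoded))
        if count:
            hits[name] = count
    return hits

# Constructed sample, not a real document: a catalog with an open action,
# a JavaScript action whose name is hex-escaped, and one attached file.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R"
    b" /Names << /EmbeddedFiles 3 0 R >> >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (constructed placeholder) >> endobj\n"
    b"4 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for name, count in scan_pdf(SAMPLE).items():
        print(f"{name:<14} x{count}  {RISKY_NAMES[name]}")
```

Tokens stored inside compressed object streams are not visible to a raw byte scan, so an empty result does not show that a file is safe; treat a hit as a reason to open the file only in a hardened, sandboxed reader.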
The Problem Is Your PDF Reader
The mistake most people make is using a PDF Reader with its default settings. Programs, especially free ones, are made for ease of use. The creators want the masses to use their software. Many times, security is turned off by default for a better user experience.
NEVER use any program “out-of-the-box.” Always review the settings and learn how to use it safely. Before use, PDF Readers need to be “hardened” against attack.
Harden Your PDF Reader
To protect yourself, there are four things you must do to EVERY PDF Reader. If a PDF Reader does not allow you to make these changes, then do not use it!
- Configure the Reader to prevent attachments from opening other files and launching applications.
- Enable “Protected View.” PDFs will open in a sandbox environment for added protection. You can easily disable this setting if you trust the PDF you’re viewing.
- Enable automatic updates to get the latest security fixes. If this feature is not available, don’t use the Reader.
Do a Google search to learn how to perform the above actions for your PDF Reader.
100% Safety Is Never Guaranteed
Criminals are a relentless bunch. I am sure they’ll come up with new exploits to spread their malware. You must remain vigilant and practice safety protocols.
- Keep a close eye on the applications your employees are downloading onto their workstations. Make sure they’re safe and approved for your business.
- Don’t forget about training. Social Engineering is one of the most effective tools criminals use. Train employees to recognize scams.
- Always review security settings for new programs and change them, if necessary, to increase security.
Back Up Your Data
Businesses should never operate without an effective backup solution. Even small companies generate tons of prized data. One errant click by an employee can result in a ransomware attack.
Backups should include workstations, servers, and Cloud Applications such as Office 365. They are all targets and in the hacker’s crosshairs. Don’t be a victim; protect yourself and your customers.
XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 460+ Petabytes of data with over 1400+ employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause.