Tuesday, 20 January 2015

Industry voice: 12 things you should know about email, spam and file attachments


Spam has been around for longer than we can remember, and we often forget that it remains a real problem. For the IT department, spam remains a major security threat and a constant headache.


More than 3% of all spam contains a malware payload, and that does not mean the remaining spam emails are safe either. It may sound strange, but the promises of big lottery wins and the various malicious websites that spam emails guide users to are just as dangerous as an email carrying a malware-infected attachment.


Spam is not going away any time soon, either, and the percentage of total email traffic that spam contributes has rarely dipped below 75 percent.


As the 2013 Microsoft Security Intelligence Report states: "More than 75 percent of the email messages sent over the internet are unwanted. Not only does all this unwanted email tax recipients' inboxes and the resources of email providers, but it also creates an environment in which emailed malware attacks and phishing attempts can proliferate. Email providers, social networks, and other online communities have made blocking spam, phishing, and other email threats a top priority."


This is all the more reason to pay attention to how we use email on a daily basis, at home and at work. It can take just one spam email to ruin your day and that of your IT team. Reducing the risk does not require every employee to have a doctorate in security, but they can follow a few basic (and common sense) steps that will help keep your network safe.


The following tips should be followed and communicated to each user with access to email:


1) Do not open or respond to emails that look suspicious or unusual, or that come from someone you don't know; these generally ask you to take an action such as giving information or credit card details, or making a payment. If the email claims to be from a genuine company, but originated from a free web-based email service, it's likely spam.


2) Do not open an attachment you weren't expecting, especially if you don't know the sender. Often malicious code masquerades as Word documents or some other file type. Scammers can easily change an .EXE extension of a malicious file to .DOC. If you think that you may have received such a file, it's best to check with your IT team before doing anything with it.


3) Just as you should not open attachments, do not click on a link in an email unless you are 100% sure it is safe to do so. It is easy to interject an infected hyperlink into the body copy of an email. If in doubt, delete (or check with the sender or your Helpdesk).


4) Most businesses use a professional-grade spam filter that is configured to meet the company's security needs. Check your spam folders regularly just in case a legitimate email is caught by the filters. Ask your IT department to whitelist important email addresses so they won't be filtered.


5) Don't be fooled by phishing attempts. Someone somewhere will try to get personal information from you. You should never give out personal details over email or fill in a form that pops up when you open an email. If in doubt, check with the IT department.


6) Also on the phishing front, you shouldn't open or interact with messages from businesses you haven't given your address to. Also be wary of messages from companies that already have your address. A popular tactic among spammers is to act as if they were from your bank, suggesting you need to change your password. In cases such as these, it is best to check the bank's website for details or call their helpdesk to ensure your account is in order. Better safe than sorry. Also, banks and other organisations should not be contacting you via email for security purposes.


7) Sometimes, employees click on malicious links contained in emails. In case you have opened an email with a malicious attachment or clicked on what might have been a malicious link, immediately shut down your machine and inform IT. They will be able to isolate that machine from the network and carry out the necessary scans and remediation.


8) Compromised emailed calendar invites are a fairly recent threat. If you get one from someone you don't know or one that looks suspicious, don't accept it. If it is from a colleague but not using the corporate address, contact them to see if it is legitimate. In both cases, delete the invite so it can't cause any harm.


9) Be careful when using public Wi-Fi. Don't be tempted to log onto every bar or restaurant Wi-Fi network you come across. Avoid suspicious-sounding SSIDs. Hackers love to spoof genuine SSIDs to sniff traffic to steal passwords and user names.


10) Your company email account should be separate from your personal one. It goes without saying that you shouldn't use the same password for both and not use your personal email address as a way to store important work documents.


11) Don't post your work email address on forums, websites and blogs unless absolutely necessary. Hackers gather these addresses and use them for broad-based attacks and for spamming.


12) Do not download any software that has not been approved by the IT department. This could open a backdoor on your machine that hackers could use to gain access to the network or to make your PC part of a botnet, spewing out spam across the world.
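
Tips 1 and 2 describe two signals that a mail filter can check automatically: a company-branded sender using a free webmail domain, and an attachment whose real content does not match its extension (an .EXE renamed to .DOC). The following Python sketch is an added example, not part of the original article; the brand list, the webmail domain list (including the placeholder `freemail.example`) and the sample message are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Leading "magic" bytes identify the real content whatever the file is named.
MAGIC = {
    b"MZ": "exe",                                # Windows PE executable
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "doc",  # OLE2 container (legacy Office)
    b"PK\x03\x04": "zip",                        # ZIP container (.docx, .zip)
    b"%PDF": "pdf",
}
# Extensions each detected type may legitimately carry.
ALLOWED = {"exe": {"exe", "dll", "scr"}, "doc": {"doc", "xls", "ppt", "msi"},
           "zip": {"zip", "docx", "xlsx", "pptx"}, "pdf": {"pdf"}}
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "freemail.example"}  # assumed sample list

def sniff(data):
    """Return the type detected from the leading bytes, or None if unknown."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def triage(raw, brands):
    """Return findings for tip 1 (webmail sender) and tip 2 (disguised file)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    if domain in FREE_WEBMAIL and any(b.lower() in display.lower() for b in brands):
        findings.append(f"sender: '{display}' sent from free webmail {domain}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rpartition(".")[2].lower()
        kind = sniff(part.get_payload(decode=True) or b"")
        if kind and ext not in ALLOWED[kind]:
            findings.append(f"attachment: {name} is really {kind}")
    return findings

def build_sample():
    """Constructed message: bank-branded webmail sender, 'MZ' stub named .doc."""
    m = EmailMessage()
    m["From"] = "Example Bank Security <alerts@freemail.example>"
    m["Subject"] = "Invoice attached"
    m.set_content("Please review the attached invoice.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="msword", filename="invoice.doc")
    return m.as_bytes()

print("\n".join(triage(build_sample(), brands=["Example Bank"])))
```

A match here is a reason to quarantine the message for review, not proof of malice: content the table does not recognise passes through, which is why the advice to check with IT still applies.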


A large number of security issues are avoidable if employees understand what they need to be aware of when it comes to email. As a practical tip, every organisation should circulate a few security tips regularly to refresh employees' memories and to remind the entire organisation that security is important.
















