7 Simple Tips to Prevent Malware Infections
There are some simple, common sense things you can do that can vastly improve your security posture and lessen the chances of a major malware infection on your system.
Antivirus Software – If you don’t have some kind of reliable antivirus software always running in the background, you should consider yourself already compromised. In fact, chances are very good that an intruder has access to your system and/or data right now. There are even free solutions like Avast and AVG which prevent many common threats, so there is absolutely no excuse to not have at least minimal protection. Whatever AV solution you use, set it up to accept automatic updates (very important) and scheduled it to run scans daily. This step alone will protect you from over 90% of the threats out there.
Beware of Phishing and Spear Phishing Emails – A phishing email looks like it comes from a well-known organization, like PayPal, Amazon, or a national bank, containing a malicious attachment or a link for you to click which will open the door to an infection, or worse. Hackers blast phishing emails to thousands or millions of email addresses hoping someone clicks. Spear phishing campaigns, on the other hand, are targeted and designed to make them much more effective against a specific organization, or even an individual. Hackers will often do extensive research to make their email very convincing, using personal or business information acquired from social networking sites like Facebook, LinkedIn and Twitter, or other publicly available information. They will usually make them look like they are coming from a trusted source, like family, friends, or internal personnel or departments. Sometimes they’ll be disguised as a notification from within the organization for an incoming fax, a scanned document, or a voicemail message, all designed to look “trustworthy” enough to entice the target to open an infected attachment or follow a link to a malicious site. The primary rule concerning email is question everything. Don’t follow links in any email to check an account or verify the “problem” you are being notified about, and don’t download and open attachments you are not absolutely sure about. And don’t be afraid to make a phone call to whoever just sent you an unexpected email to verify it came from them. But don't use the phone number included in the email - hackers set up boiler rooms to receive those calls! Look for bad English and grammar, as many of these campaigns originate in foreign countries where prosecuting offenders is much more difficult.
Pop-ups – Whenever you're browsing the web and see a pop-up message appear, exercise extreme caution: pop-ups are a favorite means of delivering viruses. Even clicking the close button or the “x” may be enough to get you into hot water. A favorite tactic of hackers is generating messages that pop up and look legitimate, such as your Flash player is out of date and needs an update, prompting you to click for the update. DON’T DO IT. And never trust a pop-up that says you’ve been infected with something and to “click here” to get rid of it. Go to the source yourself with valid URLs you are sure about. Here are some useful links to check your Flash and Java versions:
Verify Java Version
Verify Adobe Flash Player
Verify Microsoft Silverlight
Keep all software and applications up to date – A favorite exploit vector for hackers is out-of-date software. Operating systems like Windows, and popular software like Flash and Java, are in use every day on billions of systems and devices worldwide, and that’s a numbers game hackers just love to take advantage of. So when your system or software tells you an update is available, take care of it right away. And remember to beware of pop-ups informing you about updates, as discussed above!
USB Sticks/Flash Drives – Small, convenient and with tremendous storage capacity, USB storage devices are a great way for hackers to get their foot in the door and even move past air gaps to more sensitive areas within an organization. It’s a common practice for hackers to load them with a virus and then leave them laying around in smoking areas, waiting and break rooms, or even on subway or park benches, hoping someone will pick it up, plug it in and deliver the malicious payload. With a little thought and ingenuity in selecting “drop-spots,” it’s also a favorite method for hackers to target specific organizations or individuals. Never plug in any USB storage devices from questionable or unknown sources. You may just want to see what it is so you can return it, but the “reward” you may get is not anything you want. And beware of freebies and gifts. It was widely reported that at the 2013 G-20 Summit in Russia, USB devices like memory sticks and specially modified mobile phone chargers containing spyware, emblazoned with Russia’s G20 summit logo, were included in gift bags passed out to high ranking delegates. Gifts like these can keep on giving – your data to hackers.
Web Habits – Some common sense goes a long way. Illegal download sites for software, games, music and movies are notorious conduits for hackers to deliver viruses and other dangerous malware, so always consider the source. If you have doubts, run a check on the URL to see a little of their history. We've even made a handy tool for you to use.
Passwords – Using the same password for everything is a very dangerous habit, and unfortunately, an all too common practice that hackers rely upon. Create strong passwords (a mix of letters, different case, numbers and special characters) and change them regularly. Using the same password(s) for many things makes it easy for a hacker to turn one stolen password into a skeleton key of sorts, allowing them to compromise a target on multiple fronts.
Bigger problems?
Following these seven simple tips will get you off to a great start to protecting your network and your valuable data, but it still won’t mean you are safe from every kind of threat out there. If you suspect your system is compromised, or if you'd like more information, contact Global Digital Forensics at 1 (800) 868-8189, or use the contact us link below:
copyright 2013 by Global Digital Forensics. All rights reserved.