Training Your Team to Avoid Malicious Websites
By having your employees use SendThisFile to send and receive files, you have a great start with Internet security. If you’re an IT professional, as many of our customers are, you know that being safe on the Internet covers a lot more than sending and receiving files. In a previous post on cultivating a culture of security, we suggested holding scheduled security audits.
At your next security audit, remind your team of the following basic guidelines for protecting themselves from malicious websites. As you know, these websites are often intended to infect visitors with viruses or malware, or to steal information from the hard drive. Once your team knows how to spot danger, they can avoid it altogether. Pass along these rules to avoid falling victim to a dangerous site.
You have antivirus software – use it
The #1 way to avoid problems on the Internet is to keep your antivirus software on and up to date, with the most current patches installed. Even the most innocuous web search can lead to a site that can get you into trouble. The latest trending celebrity news is often exploited to create sites meant to catch the curious and infect computers.
Treat every email with caution
Email is a common way that even smart people end up with malware or viruses. Treat every email with caution, including those from trusted sources when they contain links or attachments. If something seems off, it probably is. Other email messages may be phishing attempts, trying to disguise themselves as email from a commercial venture. Many times, it’s easy to spot a phishing email, but some have gotten more convincing. If the phishing email just happens to be from a source that you actually use, a bank or other online service, the spammer could get lucky. Use extreme caution. The most convincing one I ever received was posing as iTunes. I might have fallen prey to it if I hadn’t had iTunes open already and been able to confirm that the message it was giving me about a download was untrue.
As a general rule, an email from your actual bank will give you a message like “your statement is ready,” but a phishing email will try to get you to log in to your account from a link within the email, either by stating that there is a problem with your account, claiming that there was a login attempt, or telling you that you need to verify some information. Don’t use links to your accounts that come to you from email messages. Always go to the account by typing in the URL or from links that you have saved in your favorites or bookmarks.
Navigating the world where malware is unavoidable
Random tweets from those you don’t follow on Twitter are to be avoided. In fact, report those users to Twitter to block them from your account and take the tweet out of your timeline. Also watch for tweets from those you do follow whose accounts have been compromised. If they don’t normally talk about great weight loss results or send you links about you being caught on video, they probably didn’t this time either. Needless to say, don’t click the links, but also let them know their account may be compromised. They may not know it’s sending out the links.
It’s a sad fact that sometimes software that we need to download comes neatly packaged with the option to download malware as part of the installation process. Producers of malware bank on the fact that most people will blindly click on “next” during the installation process. Don’t be like most people: read the language of the installation window. If it talks about downloading anything other than what you intended, look for the alternative to clicking “next” or going forward. There should be a “cancel” or a way out. Take the way out. If the software can’t be downloaded without the junk, see if you can find another source for it. The extras that these installers include are usually things like unwanted search bars that serve ads or widgets that just take up space.
Look for signs of security
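If you’ve navigated around all of the above and made it to your intended destination, there are a few things to look for before entering an account number or credit card. Does the site’s URL begin with HTTPS, rather than HTTP? If so, that’s a good thing. That means your information will be encrypted in transit between your browser and the site. Encryption alone does not prove the site is the one it claims to be, so also confirm that the domain name in the URL is the one you intended to visit.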
Another good sign is the lock icon. It will look different in each browser, but if you’re on a secure site, the lock icon should appear in the navigation bar. If you click on it, it gives detailed information about site security, verification, and permissions.