Avoiding Malware, Viruses, and Ransomware
Malware is a term used to describe a broad category of damaging software that includes viruses, worms, Trojan horses, rootkits, spyware, and adware. The effects of malware range from brief annoyance to computer crashes and identity theft. Malware is easier to avoid than it is to remove. Follow these guidelines for staying safe.
Prevent Malware with Smart Online Behavior
The single biggest factor in preventing a malware infection on your PC is you. You don’t need expert knowledge or special training. You just need vigilance to avoid downloading and installing anything you do not understand or trust, no matter how tempting, from the following sources:
From a Website: If you are unsure, leave the site and research the software you are being asked to install. If it is OK, you can always come back to the site and install it. If it is not OK, you will avoid a malware headache.
From Email: Do not trust anything associated with a spam email. Approach email from people you know with caution when the message contains links or attachments. If you are suspicious of what you are being asked to view or install, DON’T DO IT.
From Physical Media: Your friends, family, and associates may unknowingly give you a disc or flash drive with an infected file on it. Don’t blindly accept these files; scan them with security software. If you are still unsure, do not accept the files.
From a Pop-up Window: Some pop-up windows or boxes will attempt to corner you into downloading software or accepting a free “system scan of some type. Often these pop-ups will employ scare tactics to make you believe you need what they are offering in order to be safe. Close the pop-up without clicking anything inside it (including the X in the corner). Close the window via the Windows Task Manager (press Ctrl-Alt-Delete).
From Another Piece of Software: Some programs attempt to install malware as part of their own installation process. When installing software, pay close attention to the message boxes before clicking Next, OK, or I Agree. Scan the user agreement for anything that suggests malware may be part of the installation. If you are unsure, cancel the installation, check up on the program, and run the installation again if you determine it is safe.
From Illegal File-Sharing Services: There is little quality control in the world of illegal software, and it is easy for an attacker to name a piece of malware after a popular movie, album, or program to tempt you into downloading it.
Viruses
Think Before You Click: Avoid websites that provide pirated material. DO NOT open an email attachment from somebody or a company that you do not know. DO NOT click on a link in an unsolicited email. Always hover over a link (especially one with a URL shortener) before you click to see where the link is really taking you. If you have to download a file from the Internet, an email, an FTP site, a file-sharing service, etc., scan it before you run it.
Keep Your Personal and Business Information Safe: This is likely the most difficult thing to do on the Internet. Many hackers will access your files not by brute force, but through social engineering. They will get enough of your information to gain access to your online accounts and will extract more of your personal and/or business data. They will continue from account to account until they have enough of your information that they can access your banking data or just steal your identity altogether. Be cautious on message boards and social media. Lock down all of your privacy settings and never save your login information or click on Remember Me for this Site.
Spoof Emails
As a first level of security, it is highly recommended to set up an internal policy to not allow wire transfer requests be submitted via email. This will ensure that if one of your staff receives an email requesting a wire transfer, it will prompt them to confirm with the sender they have made the request. It is suggested to forward the email to the sender rather than replying to the sender to confirm the receipt of the request.
As a second level of security within this internal policy, it is recommended to have some “checks and balances” set in place such as a Supervisor, Manager, or CFO sign off for the approval of any wire transfer requests.
As a third level of security, no-one should ever send any type of sensitive information via email including but not limited to social security numbers, account information, etc.
…..and as a reminder, the IRS will NEVER request information via email.