DO NOT CLICK!
Real Advice from a Technology Services Provider to Business Team Members on How to Avoid Ransomware and Malware
No one wants to be “THAT ONE” in the company who clicks on the phishing link that sets off a malware attack. We are sure many of you are too afraid to click on anything. Unfortunately, we are at a point where a company is only as safe as its weakest link, and it takes vigilance to avoid causing a problem. Be aware of any scenario that prompts urgent behavior. This is how hackers succeed: they create urgency so that the target is not paying full attention, and then they strike. Knowing this, and moving forward with a healthy amount of fear, here is a brief guide to help you avoid issues.
Reduce Risky Behavior:
- Do not link your personal business with work business (i.e. email accounts for both work and play).
- If you have not been trained in how to avoid malware, ask for training (your service provider should offer training for you and your team).
- Businesses should provide new employees with information on how to stay safe and continue to share new phishing trends with employees (have an updated employee handbook explaining the “rules” of using the technology at the office).
If you receive an email:
- Make sure you are expecting the email. If not, and it has any of the clues below, CALL the sender to ask if it was intentionally sent, don’t just reply to the email… if the “bad guy” has access to someone’s email, they can just reply to you and say it’s ok.
- Check the sender’s email address and look for any symbols, or odd spelling.
- As with all links in email and on the web, you need to be certain they go to a reputable site BEFORE you click on anything. Always hover over each link to see where it actually goes (in most cases the link will be displayed in the lower left of your screen). In this case each link should point to www.itworks.us.com/somewhere; if not, DON’T CLICK. An example of this is http://www.ups.com/ (hint: hover over this link to check it).
- Do not provide personal or confidential information via email, unless you confirm it is a legitimate source. Check the sender’s email and possibly confirm with the sender via phone.
- Do not click a link in an email unless you know it is a legitimate source (see above).
- If an email looks visually different from what you have become accustomed to, or if it looks strange in nature, please do not click on it. Ask for help or confirm with the sender personally.
- Do not open email from an email address you do not know until you have confirmed the source or validity of the email. Look carefully again: itworks.us.com and www.itworks.us.com are NOT the same thing. Mouse over the link (see above).
- ANY type of attachment (except one) CAN and DO contain viruses, ransomware, and malware. Extra points if you know what the ONLY safe attachment type is.
If you are browsing the web:
- If you provide your email online, make sure you are giving it to a reputable company. Think twice, check the spelling, check for scams, check with the Better Business Bureau.
- If possible, create an alternate email account with Gmail, or Yahoo, or Outlook, to use as a staging email before allowing unknown senders access to your personal or work account.
- Be very aware of documents you are downloading, and unless you desperately need it, don’t download it. Often staging sites will offer documents on topics of interest, and when downloaded, they can infect your PC. Technology should run in the background to ensure documents are safe prior to downloading.
- Be very aware of downloading graphics from the web; it can also cause infection.
If you receive a phone call:
- Do not give out company information over the phone.
- Be aware of what constitutes a suspicious request, such as any request for account credentials, personal information, company policies or practices, or anything else that seems beyond the scope of what the conversation should be.
Be aware if you see the following problematic signs:
- New apps or programs that suddenly appear on your computer or mobile phone.
- Strange pop-ups during startup, normal operation, or before shutdown.
- The device slowing down.
- New extensions or tabs in the browser.
- Loss of control of the mouse or keyboard.
Create a strategy for employees to follow if they see something odd:
- Turn computer off.
- Immediately seek help.
- Notify technology services or the IT manager of any suspicious emails, activity, or lost devices. Be candid: tell them exactly what happened, what you were doing, and anything you remember that may help them put the pieces together.
Honestly, many employees are embarrassed to say they clicked on a suspicious link and pretend they did not. The potential ramifications are far worse when nothing is said; please know this and understand how important it is to communicate.
Passwords can be seen as an inconvenience, and we all want to access everything quickly and easily. This is the reason most of us allow sites to save our passwords, which is a massive security risk. We are trying to get so much done, so fast, and we fear losing time to a forgotten or changed password. But diligence with password security is crucial. These changes will help deter what could potentially be a major security breach.
To keep your passwords and access safe, please consider ALL these options. Together, they will provide the best protection against having your personal information stolen by bad actors and protect your system and workplace from getting hacked.
- Change passwords regularly.
- Do not save passwords.
- Do not use universal passwords.
- Use 2 factor authentication.
- Passwords need to be unique, long, and complex. Long passwords are harder to crack. See our Password Strength Test for guidance on best practices.
Hindsight is 20/20. You might not be able to undo what has been done, and the best way to avoid it completely is to take the extra time and engage in safety protocols. The easier it is for you to access information, the easier time a hacker will have accessing all your links and saved passwords.
Do not bypass safety policies for ease of use; they are in place for a reason. PROTECT YOURSELF AND BUSINESS FROM SECURITY ISSUES.
I.T.WORKS! mitigates employee risk by staying ahead of it, and training both clients and their team members on best practices. As part of our regular services, Technology Administrator Engineers train clients on-site regarding software updates, user vulnerabilities and best practices regarding cybersecurity. These monthly visits are imperative to keeping systems and employees operational.
Please feel free to use this blog as a training tool. We hope we can help businesses train team members to avoid issues and keep business technology safe from potential risks.
We are open and look forward to answering questions. Feel free to reach out at 508.375.6444.
Let I.T. WORKS! be your Cybersecurity Guardian. A reality check conversation with us puts businesses in a better place to understand their needs and make critical informed decisions.
I.T.WORKS! decreases the risk of ransomware by minimizing exposure and staying ahead of it with proactive maintenance and verified backup.
I.T.WORKS!’s team of experts minimizes exposure to ransomware through proactive maintenance. This unique proactive approach delivers consistently working technology and resolves problems prior to them becoming an issue, especially with new obstacles/threats daily. Consistently running technology is a safeguard against malware, as viruses penetrate old, out-of-date, unpatched software. Software that works seamlessly together and real-time monitoring are essential.
Verified updates and patches on all systems and hardware are extremely important in ensuring your technology is up and running consistently. Many MSPs will claim this is being completed; however, I.T.WORKS! guarantees it is being consistently completed and verified daily. We can show reporting to this fact. Also, an MSP constantly battling large numbers of tickets reactively for clients will not be able to provide this same type of safety barrier. The tickets are indicative of bigger, out-of-date, unpatched technology issues that lack the proper hygiene needed to keep business systems safe from ransomware.
Staying ahead of security threats requires a solid, verified backup plan. I.T.WORKS!’s dedicated TEAM physically monitors backups to ensure they are working, not taking it for granted. Secure Backups are confirmed completed (they are individually checked). Clients that follow I.T.WORKS!’s stringent protocols will have backed up data in three locations. Effective backup requires a person physically watching, checking, and chasing down errors. This is how we assure clients that we are always aware of backup status. Your backup plan is only as good as the strategy of your IT Provider and the integrity of their company. When you need it, our processes won’t let you down.
Please remember, it’s the people and processes in place that increase safety.
On a regular basis, Technology Administrators train clients on-site regarding software updates, user vulnerabilities and best practices regarding cybersecurity. These monthly visits are imperative to keeping systems and employees operational. These vital monthly trainings on best practices help clients mitigate cybersecurity risk by staying ahead of it. With education and awareness, risk is dramatically reduced, employees remain operational and business productivity is optimized.