We do our best to keep our clients and community apprised of any new scams, hacks, malware or exploits that we come across. But because the nature and origin of these attacks are always evolving, it’s important that you train your employees on what to look for in e-mails and on basic IT security best practices to help them avoid malware infections and scams.
Most recently, we’ve heard of a new “Microsoft Support” scam where callers claim to be from Microsoft technical services. They take advantage of uneducated consumers by convincing them that their machine is sending out “error messages” and needs to be fixed immediately. The Better Business Bureau recently covered this scam, including a recording of one imposter who called a security researcher. The caller attempts to convince the user to install malware on their computer and walks them through the process as Microsoft Support. While this is a scam mainly targeted at consumers, there’s a good chance that businesses could be called as well. Here are a few things you can do to help educate your employees on these types of scams to ensure that your network is protected:
- Always direct any technical calls to your IT Department.
Your users should never install updates or applications, or make any sort of changes to their workstation or the network. Well-meaning employees are one of the largest sources of malware infections. Make sure that your employees understand that any technology-related calls or e-mails should always be directed to the HelpDesk or IT Department.
- Verify that people are who they say they are.
This applies across the board for consumers and businesses. Any time you’re dealing with access, whether that’s your personal bank accounts or network credentials, never offer up any information until you verify that the person is who they say they are. It sounds pretty basic, but you’d be surprised how often users accidentally compromise their credentials. You can hang up and call the organization directly to verify that the call or e-mail is real, or ask your IT professional. Scammers are getting better and better. They’re making up titles and adding graphics to their e-mails that look authentic.
- Never provide credentials that aren’t password protected or encrypted.
Phishing attempts can allow hackers to gain access to your entire contact database and all e-mails. When this happens, any credentials that you’ve sent via e-mail will be exposed to them. Make sure that you encrypt or password-protect any access credentials that you send via e-mail. You can send a password-protected or encrypted e-mail through Outlook as long as your e-mail system supports it. Here’s a great article on encryption from PCWorld.
Never forget that the biggest concern for businesses trying to protect their network and data is the human element. You can tell your users what to do, but as cyber attacks continue to evolve, you cannot control their behavior. Having managed malware and antivirus services as well as reliable, tested backup is the only surefire way to be 100% covered in these instances. Be sure that your users understand these basic best practices to help you stay malware-free and avoid the interruption that can happen with a network-wide infection.