If using the Internet and Email is as essential to conducting your daily business as it at RG Group, then you are probably well aware of the risk of virus infection. Short of cutting off access to the Internet altogether, there is no one sure-fire way of preventing a virus infection. Or is there?
We employ several layers of antivirus (AV) protection at RG Group including pre-scanning of Email prior to hitting our mail server, server-side scanning, and client-side scanning. With all of the protection levels in place, threats can still find their way through.
The number one way a threat gets through – employees don’t understand how to recognize them. Whether it’s opening an attachment on a suspicious Email, or visiting a website and following a potentially dangerous link, it’s the finger on the clicker that can unleash the most damage.
The protection tools are important. But equally important is educating your users.
As an example, over the past couple of years, I’ve made an effort to take snapshots of Emails that look suspicious and send them to all employees. I point out the reasons the Email could be dangerous:
- The Email is looking to trigger an Emotional response such as excitement (you’ve won money) or fear (the IRS is going to press charges). The sender is trying to bait you into clicking. Don’t fall for it.
- The Email contains an attachment. Although attachments can be legitimate, there are some red flags. Avoid file types that can launch a “program” function (such as ZIP, EXE, XLSM). If the attachment is something you were not expecting, do not open it. If you know the sender and still don’t trust whether the attachment is safe, pick up the phone and call them to confirm they did in fact send you the attachment.
- The Email contains links. You should avoid clicking on any links in Emails. Before clicking a link, always hover the mouse over the link. You’ll see the URL where the link will actually go. If the URL looks to be completely unrelated to the sender or content of the Email, it’s probably going to send you to a bad place.
Depending on the specific Email threat, there could be a number of other things that I bring to our employees’ attention.
As a result of the effort to get the word out, our users have become much more in tune with what could be a threat. Rather than clicking, they recognize the signs and delete suspicious messages (hint; hold the SHIFT key when clicking delete on an Email and it will be permanently deleted from your Outlook client — it won’t go to the Deleted mail folder where it could still potentially do harm). Many users will ask us in IT if a message is safe. We’d rather they ask and get some guidance than not and click on a bomb.
If you haven’t, add education to your data protection toolbox. It takes just a few minutes here and there and could save you hours of recovery later.