Quick Security tips
For our “Quick Security Tips” blog today we will focus on mail attachments. We (and our end users) will receive tens if not hundreds of attachments a week in to our email inbox, instant messenger or on our phone. Many of us will willingly click on them whether we expected it or not. This is a big cyber security no-no. One of the easiest ways to get some malware into a network is to get a user to install it, either knowingly (maliciously) or unknowingly (accidentally). For years the easiest path to this has been emailing an attachment to a user.
This can take many guises from the mass emails we have all seen from “HMRC” trying to get us to open the attached “.doc” (Microsoft Word) file. To the more expertly crafted email sent to a specific user. This e-mail uses a more sophisticated version of social engineering to lure them into opening it. These attachments can contain any number of payloads and as I mentioned in an earlier post your antivirus may not pick it up! It could be something new or maybe even something masked – either way if it is malicious you don’t want your users to open it.
So how do we stop this? Antivirus can’t always be relied on. The best defence to this kind of attack is education. Your users and yourselves need to be educated to the dangers of unknown attachments. Who sent it? Why did they send it? Can we trust it?!
Don’t open attachments in email, chat, or on phone without notice. If the file wasn’t expected then is should not be opened… This is about as simple as it comes, instilling this into your users can save you a world of pain.