User Awareness Guide: Understanding and Avoiding Malware

At SECNAP Network Security, we believe that user awareness is a vital tool in the holistic protection of company networks, email and computing systems.  Following are five ways malware can enter your company—aided and abetted by employees.  Download the PDF at top right to share with your user community and IT colleagues.

Phony Software Updates

If you’ve ever clicked on a link to watch a video posted on a social networking site, or attempted to open a PDF or picture, and been advised that you need to update your viewing software first—you’re probably familiar with this malware delivery trick. Users are fooled into believing they need to update their current software to view the video or open the picture, and that bogus software update can plant malware in your system before you can say “Oops. IT is sure going to be mad at me!” Instead, just say no.

Malicious Web Ads

Resist the temptation to click on that enticing ad. Malicious web banner ads can install malware on your computer or other device without your knowledge. This trick is sometimes called malvertising.  A better tactic, when you see a banner ad for a product or service you like, is to enter the company or product name into a search engine, and go directly to the source website to find the offer.

Man In The Middle

In this malware scenario, although you believe you’re communicating with a website you know and trust, any data you enter to the site (such as your login name and password) may be seen and gathered by hackers to be used in future exploits. This is why it’s advisable to use different passwords for different applications. Or, your web session may be kept “open” by a hacker after you think you’ve exited or logged off. The hacker then piggybacks on your session to transfer funds from your online banking session or steal your credit card number from your online shopping session.

Look for the padlock that indicates a secure site. Always review your bank statements and credit card bills promptly to look for bogus charges. And don’t conduct personal business on your work computer.

Unnecessary Downloads

This is a tough one, because it looks like you’re being asked to open a trusted software program, such as Microsoft Word or Adobe Reader. However, the phony program may contain a Trojan horse that will gallop right into your network to wreak its havoc. IT will definitely be mad at you!

Keystroke Loggers

Unfortunately, any of these tools can be leveraged to trick you into downloading or otherwise allowing keystroke logger or “key logger” software into your network. That software is then used by hackers to monitor your mouse or keyboard strokes and take screenshots of your personal banking or credit card information—or confidential company information.