Can’t state it often enough. Security awareness training is more important than ever. Many of the incidents we respond to are caused by malware being downloaded by users. Once it’s in your network, it’s only going to propagate. It’s like a bad roach infestation.
The most innocent looking email may contain malware. Don’t click on it if it’s from someone you don’t know. Don’t download attachments, don’t click on links.
You know those ads on the news sites? How to lose weight, gain muscle, a deal of a lifetime? A favorite of hackers as a place to embed bad stuff. Don’t click on it.
An email promising a return on funds? An email from the IRS, the Federal Reserve? Do you honestly think the IRS or Fed is going to email you? For that matter, would your own bank email you? No, they won’t. As a matter of fact, I bet if you go to your bank’s website, they probably have a statement someplace on there, that states specifically that they would never email you.
I know someone who just recently got their first computer. Yes, really. As someone in information security, I cringe a bit, as to this person’s lack of knowledge about the wild west of the internet.
But, fortunately, their cautiousness will probably be in their best interest as they explore the wonderful advantages that come with being online. It’s opened up a whole new universe for them. It’s my job to make sure they’re security aware as they explore their new universe.