But, I do.
Here’s how you can prevent ~90% of malware attacks in your organization. You, yes you. The very person reading this. Regardless of your position or your access, regardless of your function in the business — this absolutely applies to you. It’s also super easy.
- If you get an e-mail with an attachment to it and you didn’t expect it, EVEN if you know the person sending it, DON’T OPEN IT.
Seriously, that’s it. Call them, confirm it’s legitimate, whatever, just don’t open the e-mail. It’s crazy how many malware variants ONLY spread by you opening that e-mail attachment.
Remember in the 80s they had the “Don’t Copy That Floppy” tagline? We need one for the new world. I can’t come up with anything great that rhymes, so I’ll leave you with a simple question:
“Am I willing to stake my company’s data confidentiality and perhaps reputation on the guess that this unexpected attachment is legitimate? Or is it easier to just pick up the phone and call the person who sent it to me to validate that it is legitimate?”
I appreciate that it doesn’t quite roll off the tongue, but it’s far more real than people expect!
DISCLAIMER: I obviously can’t guarantee this will stop 90% of malware attacks in YOUR organization, but I can guarantee it will notably reduce your exposure! The actual percentage depends on what kind of malware your organization gets hit with on a regular basis. With that said, most of the deepest impacting malware (ransomware, the T5000/T9000 Skype recording malware) does not spread by itself, it requires user intervention to begin the infection process, and this practice will do wonders to minimizing the potential for impact from that type of malware.