A Guide to Protecting Your Business from Viruses and Internet Spam
Protecting your business from spam, phishing and virus attacks has never been more important. With so many ways for malicious software to make its way onto your computer network, it takes more than just antivirus programs to protect yourself. Follow these tips to minimise risk to your business, and enjoy peace of mind when relying on technology to get the job done.
Spam is, broadly speaking, unwanted email. It can be anything from irrelevant sales material to barrages of nonsensical malicious links and dubious attachments. Spam is a catch-all word for this type of traffic and, according to the Australian Government, most email traffic is spam.
Why do people spam?
Email is cheap, and it is easy to scale and automate. Many scammers start by obtaining massive database lists of emails and then simply automate the spam process. With such a small investment of time and such large databases, it’s all about low-hanging fruit, and that’s why, when it comes to spam, a little bit of knowledge can go a long way.
Even the best internet filters won’t catch everything, especially with the practically unlimited amounts of malicious email floating about. Stay protected by knowing the warning signs and acting smartly and safely.
Recognising the signs – spoofing and phishing
Identity theft, credit card fraud and malicious software are just some of the risks posed by these two unique forms of internet thievery. Learn how to recognise the signs and avoid becoming a victim.
When someone masks their identity on the internet by using a stolen account or mimicking another person’s profile it’s commonly referred to as spoofing.
Spoofing is a method of intrusion where the attacker will attempt to install malicious software on your computer, or have you download malicious software yourself through deception. The software could be:
- Hidden in email links and attachments
- Hidden in application executables or programs
- Inserted through breaches in network security
- Uploaded over unsecured WiFi or Bluetooth
- Downloaded via USB on a guest terminal.
Types of spoofing programs
Once installed on your computer, spoofing programs can come in a number of different varieties. Viruses that shut down your PC or network aren’t really in the domain of spoofers. Instead, spoofers look to take control of your resources for their own personal gain.
Spoofing programs include:
- Programs that allow remote control of your computer
- Keylogging programs that track your keystrokes to try and guess passwords
- Data scrapers that glean personal info that can be used against you
- Programs that allow routing of traffic through the computer so it seems like traffic is coming from a legitimate source.
Identifying spoof attacks
Successful spoof attacks falsify data to gain an advantage within a network. Some examples of spoofing include:
- Cloning someone’s email address
- Cloning or falsifying a caller ID
- Setting up fraudulent websites that install malware on your computer.
Always exercise caution when clicking on unknown links or downloading and installing programs.
How to protect against spoofing
There are a myriad of ways to accidentally install unwanted applications on a computer or business network. Protecting at a software level alone won’t guarantee a 100% success rate. It takes a concerted effort to encourage education and safe IT policy across a business. Working together, your business can reduce the risk of unwanted and malicious software on your network. We have more tips on this below.
Phishing is similar to spoofing, and the two terms are often used interchangeably. There is a difference, however. Chron describes it as a method of retrieval (phishing) versus a method of delivery (spoofing).
Phishing doesn’t try to install malicious software on your network or run programs behind the scenes to impersonate your identity. Instead, phishing uses social engineering to retrieve personal information from you. Examples include:
- Requests for insider info from an email address posing as a high level executive
- Linking to websites that look legitimate, asking for you to enter sensitive information
- Fake contests or financial opportunities
- False password retrieval emails
Exercising caution against Phishing
Don’t get caught out by phishing attacks. Protect your business and educate your staff about the warning signs. Follow these tips to help promote safety in the workplace:
- Minimise risk through audit trails and service management
- Triage phishing attempts and use them as examples to your staff
- Encourage staff to ask first, before acting
- Change your password frequently. Don’t use the same password for all accounts.
- Be extra careful giving out credit card information, Tax File Numbers etc.
- Where possible, try to pay online where buyer protection is built in
- If in doubt, Google the business or service to see if they are legitimate
- Conduct background checks on vendors by looking at social profiles etc.
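A minimal triage check for two of the phishing examples listed above (an executive's name on an outside address, and a link whose visible text names one site while it leads to another), added here as an example and not part of the original guide. The company domain, the executive name and the sample message are constructed assumptions.

```python
import email, re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
ORG_DOMAIN = "example.com"        # assumption: the company's own mail domain
EXECUTIVES = {"jane citizen"}     # assumption: names staff are likely to trust
DOMAIN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?")
SAMPLE = """\
From: "Jane Citizen" <jane.citizen@mail-example.net>
Subject: Urgent: password reset
Content-Type: text/html; charset="utf-8"

<p>Please confirm your login at
<a href="http://login.example.invalid/reset">www.example.com/reset</a></p>
"""  # constructed message, not a real sample

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw):
    """Return a list of warning signs found in one raw email message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    name, sender = parseaddr(msg.get("From", ""))
    if name.lower() in EXECUTIVES and sender.rpartition("@")[2].lower() != ORG_DOMAIN:
        findings.append("executive name on external address")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        m = DOMAIN_TEXT.fullmatch(text.lower())
        shown = m.group(1).removeprefix("www.") if m else ""
        host = (urlparse(href).hostname or "").removeprefix("www.")
        # Flag only when the visible text is itself a domain and the target is elsewhere
        if shown and host != shown and not host.endswith("." + shown):
            findings.append(f"link text shows {shown} but goes to {host}")
    return findings
```

Findings from a check like this are prompts for a person to look closer, and flagged messages make ready-made examples for staff training.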
Protect your business at every layer
When it comes to robust virus and scam protection in the workplace, a holistic approach reaps the best rewards.
This starts with staff education. Regular seminars or newsletters on known risks, best practice, and examples of intrusions and successful attacks are all good starting points for delivery. Consider:
- Using examples of spam and phishing attacks from within your business to show that it happens to your brand
- Using examples from the media that highlight high-profile damage.
Keeping up-to-date virus protection on your employee computers is good policy, as is a robust firewall, strong and evolving WiFi security and frequent password changes.
Your business can also benefit from using vendors that have good virus and spam protection as well. For example, Aussie Broadband offers free virus and spam filters on email for nbn™ customers. With this tagging of suspicious emails built in, you’re able to send and receive email safely and focus on what’s important – growing your business.