Security Advisory Warning

27 Nov

Please send this to all staff and interested parties.

This year has seen the reporting of mass security threats, information phishing and a general level of sophistication in viruses and spyware not seen before. As such, we recommend that all users be on alert and ever vigilant for these attacks.

We highly recommend that computer users adhere to the following:

1) Do not open ZIP files unless you are explicitly expecting a file and already know its contents. Opening infected ZIP files may encrypt your entire drive, server files, and emails and render data unretrievable. Over 90% of email-derived security threats come from infected ZIP files (Bat Tech reporting Jan-November 2014). There is very little reason for legitimate organisations to send you items in ZIP format these days, so treat all ZIP files as suspect and ask people sending you emails not to use ZIP files. Larger files should be sent via other methods.

2) When opening files from the internet, email, USB drives, or networks, if a secondary box pops up asking to run an additional file, click No and query the document in question further. Ordinary Word documents, pictures, Excel files etc. can be packaged with security threats that attempt to run when the document is opened.

3) Be wary of phone calls, emails, and postal letters from people purporting to be from official agencies (e.g. banks, ATO, Microsoft, Telstra etc.) who are seeking information from you or asking you to complete actions on your computer. If in doubt, hang up and call the organisation directly. It is far easier than most people realise to get your name, address, and phone number and pretend to be from an official organisation needing urgent action from you, or even to pretend to be someone else in your organisation to obtain detailed information.

4) Be very wary of password reset requests of any nature that have arrived without your prompting. If you ever receive an unsolicited urgent password reset request, it is recommended that you complete it by first logging into your account at eBay, PayPal, your bank etc. Usually, if an urgent password reset is required, the site will first let you log in with your old password, then take you through the steps to reset it on their website.

5) Be very careful of free software that is offered for various Windows fixes and enhancements. While some is just harmless bloatware that will be more of an annoyance (e.g. pop-ups, start-up items etc.), other software can install keyloggers and even enable remote viewing of your webcam. Only install software that you absolutely need and, if in doubt, ask your IT professional about installed software that may or may not be needed.

The sophistication and techniques employed by those utilising the methods above are far in excess of previous threats. Even having the latest and most up-to-date security software is not enough; however, nearly all of these threats can be prevented by simply not opening infected files or clicking on bad links.

At all times we advise you to be vigilant and to realise that threats are ever persistent and evolving, and that the implications of becoming infected are much higher.

If in any doubt, please send us an email or call us on (02) 9698-9644, as one quick phone call or email could save you from a world of problems.

Also please feel free to send this to additional people who may find this information useful.