Malware writers have been trying to trick people into installing their malicious software by disguising it as a legitimate software update for some time now. Often these attempts are poor and easy to see as fraudulent, but sometimes the disguises are so good they trick even the savviest of employees in your organization.
One of the best ways to protect your business from malware, fraud and theft of your business data is to keep your software up to date. But do all your employees know which software updates are legitimate and which software updates are fake, designed to capture business data for ransom? We’ve gathered some tips to make sure your business IT is strong enough to keep your data safe.
Have clear policies and training. The first line of defense against hacking and malware is a solid training plan. Any of your employees can make one mouse click that puts your business data at risk. Employees in the know adhere to IT policies that protect them from making a critical mistake. At the end of the day, every employee is only human. Mistakes are a part of life. But the same training that keeps an employee from walking under a construction area without a hardhat can protect them from clicking on a suspicious attachment.
Don’t update based on a web banner. Software updates don’t pop up while you’re browsing the internet. You can always click to see what version of software you’re running and visit the developer’s site in a separate browser window to see what the latest version is. You should only download software updates directly from the software developer’s website to be sure you’re getting an actual update. Still in doubt? Any time a questionable update pops into your browser, a quick message to IT is preferable to allowing malware access to your system.
Software updates don’t offer to scan your computer. They don’t alert you that your computer has been infected with a virus. And they don’t ask for any of your information. Often, these scams will ask for a password so they can perform a scan, but they’re really logging your keystrokes to get access to your passwords. Don’t fall for it.
It’s not going to be in an email. Your software and your email system don’t connect to one another, so you’re not going to get an email reminder to update your system. The software itself will make the announcement to you, not your email. Do you know who sends you emails about software updates? Bad guys.
Malware authors will continue to get better and more creative. If you are in doubt, the best course of action is to ask your outsourced IT provider whether an update is official. We’re ready to help!