The "bad guys" who write viruses and push malware are constantly changing their tactics to try to get you to reveal personal or business info they can exploit for their gain.
E-mail and e-mail attachments continue to be a favorite avenue for their disruptive, nefarious deeds, and new spins emerge every day, trying to get you to open or download malicious content. When Sue Marquette Poremba asked AppRiver senior security analyst Fred Touchette about current threats, he responded:
One thing I'm seeing a lot now are e-mails that are pretending to be delivery notices that contain HTML attachments. Once the page is opened, there is malicious JAVA script that runs in the background, downloading more malicious software onto the victim's machine. We're seeing about five million a day.[These bogus UPS-style delivery messages have] been a popular scheme for a couple of years now, but the payload is constantly changing.
How do you protect yourself and your company from these ever-changing threats? Companies that can afford to invest in security technology have antivirus software, spam filters, blockers and other sentinels to keep shady characters out. The standard, user-level warning/mantra issued by every IT department I've dealt with is to never open an e-mail attachment from someone you don't know or an address you don't recognize; suspicious items should be deleted and IT should be notified.
And yet, users can fail to act properly and accidentally infect their workstations or, even worse, the entire network. Those antivirus programs catch most of the nasty stuff that bombards corporate networks, but the client-side nature of pushed updates, combined with the constant arrival of new threats, means that things can slip through between scheduled upgrades.
The SaaS model, as applied to security services, may fill part of the security gap, especially for companies that don't have IT resources to dedicate to picking through all the garbage to get to the legitimate stuff. Virus signatures can be updated instantly, eliminating the delays that often let damaging things get past antivirus programs installed on individual desktops. In the case of AppRiver, Touchette attends classes and other training regularly with the goal of staying ahead of these tech-savy, highly motivated and crooked coders.
In general, Touchette says, education is key to keeping your assets secure:
Education is the No. 1 precaution that anyone can take, as far as what's out there and what the real threat is. People are trusting by nature. But they also have to be willing to be educated.
Clear, comprehensive policies and guidelines can provide the education needed to effectively back up Web security technology, whether the solution is SaaS-oriented or otherwise. Check out the templates, sample policies and guidelines uploaded to the Knowledge Network. Keep your information safe, no matter what the spimmers, spammers, phishers and vishers think of next.
More from IT Business Edge and the Knowledge Network