Justin Gray, Henry Schein Tech Central Support Manager, is our guest blogger today at Sidekick Magazine.
Email spam or junk mail is usually unsolicited email that is sent to a large number of recipients. These emails are usually irrelevant or inappropriate and may contain malware or viruses that can infect your computer. In some cases one virus could infect an entire network of computers. All one has to do is open up an unfamiliar or suspicious email and a virus can immediately load on your computer.
The same is true of visiting certain web sites that contain malware or viruses. Simply visiting a popular social media site and then clicking an advertisement could result in a virus being installed on your computer. Spam, junk mail, viruses and malware could lead to data loss, data breach, damage to systems, as well as high replacement and repair expenses.
However, most of these threats can be avoided by educating your staff and implementing the following basic protocols.
These tips are intended for small businesses to help address potential threats that can occur while using the internet and email.
Do not share your business email accounts except with customers, patients, and colleagues.
- In most cases, spammers first need to know your email address in order for you to receive malicious emails. Therefore, it is recommended that your business email addresses not be shared with anyone except your patients, your customers, and your colleagues.
- Sometimes it is necessary to use your business email address on a web site to sign up for a service. When using your business email address on web sites, be sure to only use it on legitimate web sites that you are familiar with.
- Be sure to use your email accounts for business purposes only.
- Unfortunately, even legitimate, big-name websites will often share your email address with third parties. If the option is available, it is recommended to opt out of email advertisements and any unnecessary email communications during the sign-up of website services. The more you can reduce your exposure the better.
- Some offices choose to have two email addresses – one for primary business use and the second for anything that could result in potential junk mail. When providing your email address to sign up for a service you could first consider using the secondary email address.
Do not post your business email account on the internet such as posting it on your business web site or on forums.
- Harvesting bots are special software designed to obtain email addresses from public data on the web. Once email addresses are harvested, they are added to lists used for sending spam emails and other threats. Make sure that your email address does not show up in your signature on a web forum or as a link within an online guestbook. If the public can see your email address, then it is likely visible to a harvesting bot too.
- Make sure that your company web site has some sort of security method in place to hide your email from harvesting bots while allowing your web site visitors to communicate with you. Many websites have secure forms that require human verification. The forms allow a visitor to more safely communicate with your business by email.
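As an added illustration of the two points above (not part of the original article), the following Python check can be run over your own site's HTML to list the addresses exposed in the markup a harvesting bot would read. The sample page and its example.com addresses are constructed for the demonstration.

```python
import html
import re
from urllib.parse import unquote

# Deliberately simple address pattern: enough for an exposure audit,
# not a full RFC 5322 validator.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
MAILTO = re.compile(r"""href\s*=\s*["']mailto:([^"'?]+)""", re.IGNORECASE)

# Constructed sample page: three ways an address ends up in markup,
# plus a contact form that exposes no address at all.
SAMPLE_PAGE = """
<p>Questions? Write to frontdesk@example.com</p>
<a href="mailto:billing%40example.com?subject=Invoice">Billing</a>
<p>Owner: owner&#64;example&#46;com</p>
<form action="/contact" method="post"><textarea name="message"></textarea></form>
"""


def exposed_addresses(page_html):
    """Return {address: how it was found} for addresses visible in the markup."""
    found = {}
    # 1. mailto: links, after undoing HTML-entity and percent-encoding.
    for raw in MAILTO.findall(page_html):
        addr = unquote(html.unescape(raw)).strip().lower()
        if ADDRESS.fullmatch(addr):
            found[addr] = "mailto link"
    # 2. Addresses written out in plain text.
    for addr in ADDRESS.findall(page_html):
        found.setdefault(addr.lower(), "plain text")
    # 3. Addresses hidden only behind HTML entities: one decode reveals them.
    for addr in ADDRESS.findall(html.unescape(page_html)):
        found.setdefault(addr.lower(), "entity-encoded text")
    return found


if __name__ == "__main__":
    for address, how in sorted(exposed_addresses(SAMPLE_PAGE).items()):
        print(f"{address:28} exposed as {how}")
```

Anything this check reports is readable by automated collection as well; the contact form in the sample is the only one of the four contact methods that keeps the address out of the page.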
Do not use your business email address to sign up for promotions, drawings, or other marketing gimmicks.
- Sharing your business email to sign up for anything complimentary or for any special promotion is likely a method for a spammer to collect email addresses. Some of the signup emails can even contain malware or viruses that immediately load on your computer when opened. Avoid these types of gimmicks.
- If you are buying anything and someone asks for your email address, ask why. Why do they need my email address? What are they planning to do with it? Refuse to share it if there is no reasonable need to do so. Or else share your secondary email address mentioned earlier.
Do not open unfamiliar or suspicious emails; delete them.
- When checking email, do not click on unfamiliar or suspicious emails or attachments. Instead, immediately delete them. Some suspicious emails can add your email address to a list or even install malware or a virus when clicked.
- Be careful with unsubscribe links in certain emails. Although many unsubscribe links are legitimate, some unsubscribe links within suspicious or unfamiliar emails could contain links to further threats.
For Microsoft Exchange users: Implement spam firewall services.
- If you host your own Microsoft Exchange server, it is recommended that you implement a Spam Firewall service such as Barracuda. This type of service will help reduce spam emails arriving in your inbox. Without a spam firewall service in place, your Exchange email service is likely to be vulnerable.
For web-based email users: Only use legitimate email services rated high for security.
- If you use web-based email for your business, make sure to only use a reputable service such as Outlook.com or Gmail. Web-based email services such as these contain built-in security measures to help prevent spam and viruses. These services are often inexpensive and security updates are ongoing.
Restrict email usage.
- Email usage on business computers should be limited to business purposes specifically. Only approved, secure email methods should be utilized.
- Limit email usage to select employees who will be responsible for following the proper security protocols.
- Personal email on business computers should never be allowed. Many small businesses acquire viruses from personal email use.
Be suspicious of email attachments.
- Before opening an email attachment verify that you recognize the sender, the name of the attachment, and the body of the email. If anything seems out of place do not open the attachment.
Restrict web surfing.
- Minimize the number of users in the office that are allowed to surf the internet on business computers. This can be accomplished by implementing and enforcing rules for usage. Only surf the web for business purposes and only while visiting legitimate web sites.
- Systems that do not need to browse the web can have it disabled through the Internet Settings of the computer. The more restrictions on web browsing, the safer the network will be.
- Web Filtering Services are available and can allow users to browse the web while filtering potentially dangerous sites. These services can also provide a regular report showing web usage.
- Personal web browsing by employees should not be allowed on business computers. Although visiting social media sites and other personal web sites may be common, this is the leading cause for businesses acquiring viruses on the network. Make it the protocol that employees must restrict web surfing to their own personal devices such as phones or tablets.
Implement email encryption.
- Before sending an email to a customer, patient, or colleague, consider encrypting the email so that it cannot be read or captured by a hacker while in transit. There are many services that offer email encryption.
- Products such as Adobe Acrobat allow one to password protect individual documents. A document can then be attached to an email and sent. The recipient only needs to know the password to decrypt the document and view the contents. This is an inexpensive method of document encryption.
- Never send a password in the body or subject of an email.
Get rid of old email accounts if they receive too much spam and then open new email accounts.
- If your business is using an old email account that receives excessive spam and junk mail, consider retiring it and creating a new one. Be sure not to share the new email address with anyone except customers, patients, colleagues, and legitimate web sites for business purposes only. This may require updating or changing business cards, marketing materials, or your company web site.
Do not allow employees to connect their personal devices such as phones or tablets to the business network.
- The only exception is if you have a secure firewall in place with a separate guest network. The guest network must be firewalled from the business network, to separate and prevent communication between the two.
- If you do not have this sort of secure and separate guest network, then do not allow personal devices to connect to the business network.
Run updates on all systems on a regular basis.
- Run Windows security updates on a regular basis. Be sure to run these updates during business downtime and be prepared for the updates to take quite a bit of time to install. There could possibly be multiple reboots involved. Once completed, be sure to test all systems, test all database software, and test healthcare devices to make sure they are in good working condition before the next business day. Windows updates cannot protect against all possible attacks, but they can help to make your systems more secure.
- If you are not comfortable running Windows security updates on all systems and testing them afterwards during downtime, then contact a technician to visit your office to provide system maintenance.
Make sure you have up-to-date antivirus software on all systems.
- This includes all workstations and servers. Antivirus needs to be active and up-to-date. Although antivirus cannot protect against all possible attacks, it can help to keep your network safer by blocking many known viruses and malware.
Be sure to always have a current backup and an old backup of your data.
- Each backup should be on separate, secure, and encrypted media. You should have multiple backups that represent multiple restore dates. Some backups should be new and some should be old. That way you will have more choices of dates to restore from if needed. For example, one backup from yesterday, another backup from two days ago, another backup from three days ago, and a fourth backup from two weeks ago, and so on. This becomes critical if you later need to restore from a backup. The more backups available, the better the odds of recovering your most recent and complete data. Multiple backup media and multiple backup methods are encouraged.
- Be sure that your backup media is secure. For example, some USB hard drives have built-in encryption and password protection. By setting a password on the drive, you can help keep your data secure.