Right now, government agencies are warning about a significant ransomware attack being directed at US Hospitals. And I hear that the ADA is reaching out to dental offices, telling them to be alert and to make sure their data is backed up. As the current threat expands, any healthcare-related office needs to be on guard, as do you. Ransomware or viruses usually ignore geographic and other man-made boundaries. The next computer hazard could arrive in your inbox at any time.
But please don’t get too anxious, because your antivirus and other software security is going to help keep the threat at bay. What you should consider is: The bad guys know you’re already well-protected, so they will use mind games to get you to defeat your own security. Here are some basic tips to keep you safe and help you not get tricked into a computer infection:
- Don’t open attachments or click links that you weren’t expecting, or are from unknown people. Especially keep this in mind for when you receive a scary or alarming email! Ransomware is often contained in messages that claim you have an overdue account or large bill attached. By sending you unpleasant news, they hope to distract you and compromise your judgment for just long enough for you to open that viral attachment.
- If your gut is telling you something, LISTEN TO IT. Did you just get a message from your CEO that seemed a little off? Is your friend emailing you for something that isn’t in character? Don’t second-guess yourself, don’t struggle to get in their head. Step away from the computer and pick up the phone. Get confirmation through other means before you trust that email on your screen.
- Believe in your antivirus and other protections. Don’t be tricked into disabling any protections. I just received an Excel attachment and Microsoft Office opened it in “Protected View”, since it was obviously from somewhere foreign. But the file itself directed me to disable that Protected View feature and try again. If I had followed those steps, I would have infected my computer.
- Badly grammar and mispellings used to be the hallmark of malicious emails, but not anymore. But there are other clues you can look out for. If you can spot the sender’s email address, be critical of the spelling and exact domain name. If you see an obvious mismatch between the email address and sender name, then trash that email immediately. Examples: Fred Rogers, Microsoft Support with the address of email@example.com or Beatrice Snodgrass from Amazon Refund Agency with the address firstname.lastname@example.org .
- Don’t reply to emails that seem suspicious. Don’t call any phone number listed in an email that urgently calls you to action. You must not trust the contact info presented in the email! When verifying any email, use contact information from some source other than the email itself. For example, if you get a weird message from your boss, Forward the message to his email address from your address book, and maybe Cc: his boss. Or if you get an alert from your bank, grab your last paper statement or bank card, and call the phone number printed there.
Be safe out there, folks!