Earlier in the week, as I usually do, I was holding up the pillars of society through my menial government data entry job and blissfully thinking about the indispensable tacos I would be enjoying later. Suddenly, the silence was broken by a coworker across the room shouting “Oh no! My computer says I have 32 viruses, but I think this link will fix them…” I tripped over my chair and scrambled back up toward her, unleashing a panicked “Debbie, nooooooo!“
As I ran to her desk to prevent the imminent destruction of western civilization via the malware she had just received, I was in a panic for two reasons:
- She’s a very nice woman and I didn’t want to see her sobbing while the IT department told her that all of her data was gone forever.
- If she did infect the government server with malware, the office would be forced to lock down our network and not let us visit any external websites, forcing me to write my blog entries on my phone like the rest of you savages.
We in the tech world pretend to believe that network security is common sense and that nobody is “stupid” enough to fall for malicious attacks. It’s not stupidity; you can’t be on edge constantly, waiting for an imminent cyber attack that may never come. Still, it seems as though every week we hear about another data breach at a giant corporation that affects millions of people. Attacks like this are generally not the result of super-genius hackers feverishly clacking away at keyboards in dark, smoke-filled warehouses. Usually, Debbie in accounting gets an email telling her she’s won a free trip to Bali and that her tickets are right through this attached link. Once she clicks that link, the doors of the entire organization are thrown wide open.
There’s never going to be a way to keep an organization 100% secure from cyber attacks but there are three rules of thumb everybody should remember, yet which are forgotten in the heat of the moment. It’s your employer’s responsibility to train you on their procedures regarding internet use, nevertheless it’s good to keep these best practices in mind both at work and at home.
Your browser can’t scan your computer for viruses
As my opening story illustrated, the old “2,364,642 viruses have been detected on your computer, click here to fix” pop-up is by far the most popular cyber attack. Thanks to the dependable desire of bloggers and social media influencers to make money from their websites, it’s relatively simple for attackers to disguise malicious code as an advertisement and hijack an ad server to have their code delivered to millions of people in seconds. The link to fix the viruses is the virus itself and this type of attack preys on people’s fear and desire to do the right thing. Remember: it is your IT departments responsibility to check your computer for viruses and to fix them, not yours. If you’re at home, most operating systems these days come equipped with antivirus software that is adequate enough for casual use. Regardless, it might be a good idea to pick up one of the antivirus and anti-malware solutions I’ll mention at the end of this article.
Don’t open email attachments
While less common than the pop-up method these days, malicious emails are still targeted at companies with enough frequency to be concerned about. There are as many reasons for doing this as there are possible crimes and it takes very little knowledge with technology to pull off this type of attack which means it’s the most common these days.
A malicious email could be a link to a web address that automatically installs viruses or adware on your computer or it could be similar to the example in my introduction. You’re given some false information (such as having a bazillion viruses on your computer) and the only way to fix it is to pay money to some random software company that nobody’s ever heard of. It may seem bizarre and an obvious scam but if it didn’t work, nobody would do it.
There isn’t a situation in which anybody needs your password
“Don’t give out your password for any reason” has been repeated so many times it’s become a meme, yet people still do it every day. I myself fell prey to this as a teenager using America On-Line in the mid 90’s. My best friend at the time had my family’s password because we always used the service together. One day while I was away using the bathroom, my friend received an instant message from a stranger claiming to be AOL tech support and my friend gave them my family’s password with no objection. That stranger then used my account to ask other people for their passwords which got my account flagged as malicious; it took a week and multiple phone interviews with a. AOL investigator back then just to get my family’s service back. I can still hear that investigator’s parting words to me clear as day 20 years later: “Never give your password to anyone!”
Password theft is such a pervasive threat that most online services include notice in their service agreements that they will never, for any reason, ask you for your password. They don’t need it! The companies who manage your phone contract, auto insurance, and online shopping accounts can all access your personal data with ease (and some do but that’s a different discussion). I, personally, have access to an alarming amount of personal information for everybody living in the United States but fortunately you’re all protected by the threat of quite a lot of prison time if I’m caught abusing this privilege!
How can you stay protected?
Premium antivirus solutions come at a price that may seem like extortion. For example, while Norton Antivirus has a free version, they’ve also jumped on the subscription bandwagon so now you’re having to pay up to $100 a year for their top service. That’s ridiculous for something that you’re more than likely never going to need. Fortunately almost every antivirus package out there has a free version with limited capabilities that, to be perfectly honest, are good enough unless you’re downloading terabytes of hentai every day. If you don’t know what hentai is, don’t google it.
Below, in no particular order, are my top recommendations for antivirus and antimalware software. I haven’t been paid to advertise any of these, they’re just what I recommend to friends and family.
Bitdefender passively scans your computer automatically, blocks malicious URLs, and on the upper tier can also prevent access to your webcam and monitor your children’s internet activity if you’re one of those people. While they do offer a free tier here, all of their packages are very reasonably priced for what you get and they have consistently been named one of the best antivirus companies there are.
I’ve been using Malwarebytes as my opening attack on a malfunctioning system for a decade. I keep a copy on a flash drive and whenever somebody tells me their computer is behaving strangely, it’s the very first thing I run. The free version will detect and eradicate any virus or other malware that’s been discovered. The premium version ($30 a year) runs live in the background and constantly scans your PC for malicious activity, but I’ve never found this to be necessary. Just pick a time every week or so in which you run the program yourself and you’ll be fine 99% of the time.
I’ve lumped Norton and McAffe together because they’re virtually the same, quality-wise and cost-wise. They both contain a pretty all-encompassing suite of utilities to keep your computer and network safe from attacks and a long history of dependability that some people take into consideration. Still, you pay for quality. Their lower tiers don’t do anything more than other antivirus solutions offer and their higher tiers are prohibitively expensive. I personally wouldn’t pay $200 a year for something I may never need, but if you know somebody who frequently falls victim to emails from Nigerian princes and free vacations to the moon (you know the type… they share those “1 like = 1 prayer” memes on Facebook three times a day), they might need something extensive that protects them from themselves.
At the most basic level, it really doesn’t matter which one you decide to go with. To be honest, you may not even need an active antivirus program if you use Windows; it comes with its own. At the end of the day, being suspicious of emails and popups from places you don’t recognize is the best defense against any online threat. Antivirus software simply adds an extra buffer of protection in case you do make a foolish decision.