Protecting yourself against online attacks

By John Bell, Director, IT, Faculty of Humanities

The vast majority (93%) of phishing attacks now contain so-called ‘ransomware’; hostile code crafted to seek out certain types of files on your computer and encrypt them to the extent that they can only be recovered by acquiring the proper encryption key.

This type of attack usually features a ransom note of some kind to alert the user as to how they might recover their data.

While this is a danger to all of us, there are steps that can be taken to protect yourself. For example, following ‘Email Best Practices’ is a great start for managing personal and organizational electronic messaging and diminishing malware threats that arrive via email. In addition some supplementary practices can assist with protecting yourself against ransomware attacks specifically.

Protecting Yourself and Your Data Against Ransomware Attacks

1. Backup Your Data!

It is critical that you back-up your data and optimal if you back it up and then disconnect whatever media you have used for the back-up. Ideally, you should back-up to some kind of network storage that is then further backed up by I.T. Specialists (the Faculty of Humanities administrative shares are a good example). If you are working on a personal computer, backing up to an external hard drive or flash drive is a good practice but to protect against an ransomware attack, the drive should be detached after a completed back-up. This way, if you do fall victim to a ransomware attack, your data is safe and can be restored with your system to get you back up and running.

2. Try to Minimize the Flow of Attachments From External Sources

The most serious threat your data is your email ‘Inbox’. It is therefore a good idea to try to minimize or eliminate processes that might require you to receive attachments from unknown sources. For example, if you (or your administrative staff) are posting for a job opening, require the applicants

to submit their application in MOSAIC so that you are not opening a slew of attachments from people you don’t know. If you simply create a posting and ask folks to send you their applications/resumes via email, you become an easy target for cyber criminals.

It is always a good practice to avoid the unnecessary use of attachments but if you do need to send a document, it is a common courtesy to mention in the body of the message that you have included an attachment and state the name and file extension of the attachment (PDF, DOCx, etc.). This lets the recipient know that you intended the document for them and it has not been injected a malicious actor.

3. Do Not Open Attachments From Unknown Sources

While this may seem almost impossible, you do have the option to attempt to contact the sender and verify that the attachment is both legitimate and safe. You should reserve the right NOT to open an attachment from unknown sources – particularly if it is completely unsolicited.

4. Unsure? Just Ask

The local IT support groups at McMaster can assist with I.T. Security issues and will provide prompt feedback on potential threats. If you are unsure about an email or an attachment, please contact your local IT support group promptly BEFORE clicking email links, providing credentials links or opening suspicious attachments. They are here to help and a quick email or phone call might just save your data.

Contact McMaster IT Security for more information about this and other internet threats:

email: c-it-security@mcmaster.ca

Web: http://itsecurity.mcmaster.ca/

Twitter: @McMaster_ITSec (https://twitter.com/McMaster_ITSec)

Facebook: https://www.facebook.com/mcmaster.itsec

Telephone: x28299

Republish this Article for Free

Republish this Article

We believe in the free flow of information. This work is licensed under a Creative Commons Attribution-No Derivs 2.5 Canada (CC BY-ND 2.5 CA), so you can republish our articles for free, online or in print.

All republished articles must be attributed in the following way and contain links to both the site and original article: “This article was first published on Daily News. Read the original article.”

<p class="p1">By John Bell, Director, IT, Faculty of Humanities</p>
<p class="p1"><span class="s1">The vast majority (93%) of phishing  attacks now contain so-called 'ransomware'; hostile code crafted to seek out certain types of files on your computer and encrypt them to the extent that they can only be recovered by acquiring the proper encryption key.  </span></p>
<p class="p1"><span class="s1">This type of attack usually features a ransom note of some kind to alert the user as to how they might recover their data.  </span></p>
<p class="p1"><span class="s1"> </span><span class="s1">While this is a danger to all of us, there are steps that can be taken to protect yourself. For example, following  'Email Best Practices' is a great start for managing  personal and organizational electronic messaging and diminishing malware threats that arrive via email.  In addition some supplementary practices can assist with protecting yourself against ransomware attacks specifically.</span></p>
<p class="p1"><span class="s1"><b>Protecting Yourself and Your Data Against Ransomware Attacks</b></span></p>
<p class="p1"><span class="s1">1. Backup Your Data!</span></p>
<p class="p1"><span class="s1">It is critical that you back-up your data and optimal if you back it up and then disconnect whatever media you have used for the back-up.  Ideally, you should back-up to some kind of network storage that is then further backed up by I.T. Specialists (the Faculty of Humanities administrative shares are a good example).  If you are working on a personal computer, backing up to an external hard drive or flash drive is a good practice but to protect against an ransomware attack, the drive should be detached after a completed back-up.  This way, if you do fall victim to a ransomware attack, your data is safe and can be restored with your system to get you back up and running.</span></p>
<p class="p1"><span class="s1">2. Try to Minimize the Flow of Attachments From External Sources</span></p>
<p class="p1"><span class="s1">The most serious threat your data is your email 'Inbox'.  It is therefore a good idea to try to minimize or eliminate processes that might require you to receive attachments from unknown sources.  For example, if you (or your administrative staff) are posting for a job opening, require the applicants</span></p>
<p class="p1"><span class="s1">to submit their application in MOSAIC so that you are not opening a slew of attachments from people you don't know.  If you simply create a posting and ask folks to send you their applications/resumes via email, you become an easy target for cyber criminals.</span></p>
<p class="p1"><span class="s1">It is always a good practice to avoid the unnecessary use of attachments but if you do need to send a document, it is a common courtesy to mention in the body of the message that you have included an attachment and state the name and file extension of the attachment (PDF, DOCx, etc.).  This lets the recipient know that you intended the document for them and it has not been injected a malicious actor.</span></p>
<p class="p1"><span class="s1">3. Do Not Open Attachments From Unknown Sources</span></p>
<p class="p1"><span class="s1">While this may seem almost impossible, you do have the option to attempt to contact the sender and verify that the attachment is both legitimate and safe.  You should reserve the right NOT to open an attachment from unknown sources - particularly if it is completely unsolicited. </span></p>
<p class="p1"><span class="s1">4. Unsure?  Just Ask</span></p>
<p class="p1"><span class="s1">The local IT support groups at McMaster can assist with I.T. Security issues and will provide prompt feedback on potential threats. If you are unsure about an email or an attachment, please contact your local IT support group promptly BEFORE clicking email links, providing credentials links or opening suspicious attachments.  They are here to help and a quick email or phone call might just save your data.</span></p>
<p class="p1"><span class="s1"><b>Contact McMaster IT Security for more information about this and other internet threats:</b></span></p>
<p class="p4"><span class="s3">email: <a href="mailto:c-it-security@mcmaster.ca"><span class="s4">c-it-security@mcmaster.ca</span></a></span></p>
<p class="p4"><span class="s3">Web: <a href="http://itsecurity.mcmaster.ca/"><span class="s4">http://itsecurity.mcmaster.ca/</span></a></span></p>
<p class="p4"><span class="s3">Twitter: @McMaster_ITSec (<a href="https://twitter.com/McMaster_ITSec"><span class="s4">https://twitter.com/McMaster_ITSec</span></a>)</span></p>
<p class="p4"><span class="s3">Facebook: <a href="https://www.facebook.com/mcmaster.itsec"><span class="s4">https://www.facebook.com/mcmaster.itsec</span></a></span></p>
<p class="p3"><span class="s1">Telephone: x28299</span></p>

Media Enquiries

Phone: (905) 525-9140 ext. 24073
Email: comms@mcmaster.ca

The Communications and Public Affairs Office is staffed from 8:30 a.m. to 4:30 p.m. Monday to Friday.

The University has a broadcast quality television studio to facilitate live and pre-recorded interviews with media. Learn more about our experts.