Security Guide: what you should know "Lady Barbara" with the accounting department?

Work in the position of accountant is very responsible function in every company. From one man can depend on many factors. The person who has control over finances should be trained with a range of computer security — at least to the extent that, to deal with the recognition of social engineering attacks, and malicious software. This safety guide contains some aspects that employers should pay particular attention.

Security Guide: malware can hide in the annexes

Malware in email most often takes the form of attached MS Office files with embedded malicious macro. Attacks using the techniques of manipulation in the majority of cases are very similar.

Poradnik bezpieczeństwa rozpoznawanie spamu

As a general rule, you might want to take the following criteria: If the message contains a protected archive, in the content of the shows on the unpaid account, blocked bank account ... is in 99% of cases, it should be assumed that this is spam.

Those officials of the position of administrator or security managers should ensure that the correct security sensitive computers and instruct the employee on how to proceed with attachments.

Not everything is an invoice, it shall

Sometimes the greatest enemy of any company that accounts for employees and the tax authorities by electronic means is routine. Perform the same operations every day, puts alertness to the point that after a period of time not already due attention on the reliability of the provided documents. Senders who send invoices become "trusted," and attached files sent financial information are opened without any further check of their reliability.

It is difficult to protect against this form of carelessness. Each of us is, after all, a man — a weaker days there are, after all, everyone — and we may be tempted to check the contents of the file. You should not ignore such threats and now you need to properly secure the points that most often contribute to computer viruses.

The most effective approach to protection issues are safety solutions that allow you to run only those applications that are necessary for the proper functioning of the company. Although in the initial stage of a form of security based on white lists application can be labour intensive, in the long run is one of the more effective and allows you to use only those programs that allow the person responsible for the the smooth functioning of the entire environment.

The message header hides the whole truth about the sender

Although in the "from" field is the name of the person or institution (which is very easy to fake), display the message source (keyboard shortcut CRTL + U in mail clients, for example. Outlook, Thunderbird, Postbox) reveals the real sender.

Poradnik bezpieczeństwa spam

The use of any email address to spread malicious files is not much of a problem. In results impersonate electronic address (email spoofing), meticulously prepared message has increased the chances of success.

Particularly important in all of this is whether the employee can recognize false information from this true. If well prepared message (special characters: the correct Polish spelling, unique information in the footer, attachments) may serve as a 95% chance of success, it still remains a certain margin of error, which will rule whether the an electronic message is spam if it is not.

Identify fake notice helps. message header (source). The field "FROM" or "subject" can be easily faked, however, displays detailed information about the message provided helps to determine its authenticity.

Źródło wiadomości email

For niewyszkolonego an employee not to transition may be the extraction of relevant information, which are contained in the source message. Contrary to appearances, the mastery of this skill is not difficult. Although no practical activities to verify the authenticity of can be a challenge.

Recognition of false information

Smooth eye will notice that this news is something wrong. Although the sender seems to be credible, it is in fact the person who claims to be the head of the ds. distribution does not exist. What's more, for unknown reasons, the attached files have been added to the RAR archive, and the domain does not belong to the Group of Polish Construction Warehouses.

Złośliwe zalączniki

In order to effectively protect themselves from the potential effects of social engineering attacks, staff training is needed. The credibility of most of the information contained on the first glance, impossible to confirm in a few minutes using an Internet search engine. This is not always a good way, therefore, worked out security habits we should cast off from an early age. The sooner we start, the better, because the techniques used by criminals evolve and no way in any case distinguish the real message from a fake.

Computer stations, which are the most susceptible to data loss (encrypt or theft), we recommend the installation of a reputable Internet security software that will protect every potential vector of infection (not only). Helpful materials is our Guide to recognise spam and tests (this, this and this) anti-virus products, in which the best results systematically record solutions: Arcabit, BitDefender, Comodo, ESET, Kaspersky Lab, Quick Heal, SecureAge Technology, SpyShelter and Trend Micro.

Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.