Half of the web is vulnerable to malware attacks, as we measured recently in our State of the Web research report, making it clear that merely visiting a legitimate web site is risky.
Here are 10 practical tips for day-to-day protection and mitigation against cyber threats – we still advise isolation as part of a powerful malware prevention strategy, as does Gartner.
1. Use an ad-blockerMalvertising campaigns are on the rise, and ad sites are typically infiltrated first to deliver ransomware to unsuspecting users.
2. Use the Google Chrome Browser
Among browsers, Google Chrome has a higher degree of focus on security, and more importantly, contains an implementation of Flash that is highly restrictive.
3. Phishing – Look closely at the URL from any email for special characters, numbers, etc.
In many cases, what looks like a message or URL from YourBank is not a YourBank site. If your financial institution, or a site that you have an account with, sends you a ‘password reset’ email, log in to the bank directly instead of clicking on the link in the email. We have seen phishing become increasingly sophisticated, so this extra step is important.
4. Disable or uninstall Flash
Flash is known to carry dangerous malware attack payloads. Users don’t often need Flash and most sites have switched to HTML5 video.
5. Keep the software on your PC, Mac, and Smart Phone up-to-date
Companies frequently update software for security vulnerabilities. This is table stakes and the least you can do to stay safe against malware effects on your machine.
6. Do not download PDFs and Word documents from untrusted sources
Ransomware predominantly spreads via weaponized documents. (See our blog about
7. Use Google’s free PDF URL converter
Safely view the contents of a PDF without having to download it.
8. Avoid downloading executable and Zip files from untrusted sources
There’s no way to guarantee the efficacy of executable and Zip files. If you download them anyway, you deserve to pay bitcoins.
9. Use browser-based web email instead of an email client
The main advantage is most web mail providers have document previews (like Google Docs) that can be used to safely view the document without having to download it first.
10. Avoid custom apps and extensions, especially from untrusted sources
We have seen many extensions and apps that have started out good, but turn rogue as part of a software update. Follow mitigation techniques—do not install apps from untrusted stores or sources, as you have no way of verifying if they have been weaponized.
If you’re responsible for IT security, check out Isolation from Menlo Security to help protect your end users against malware, phishing, and credential theft. Isolation inserts a secure, trusted execution environment between your end users and potential threat sources, such as web sites and email links. It’s easy, and it makes it safe to click. Learn more.