Best Practices

1. CrowdStrike

  • CrowdStrike is our Anti-Virus software. It is installed on all SMRU/TBHF owned computers, except offsite computers.

  • Connect your computer to the internet at least every two weeks to make sure you regularly receive Anti-Virus updates.

2. Phishing

2.1. Ten Signs of Phishing

  • What is Phishing? Phishing is any type of attempt to trick you into doing something to benefit the crooks, usually through email.

  1. Just doesn’t look right.

    • Is there something a little off with the emails? Too good to be true? Trust your instincts if they tell you to be suspicious.

  2. Generic salutations.

    • Instead of directly addressing you, phishing emails often use generic names like "Dear Customer." Using impersonal salutations saves the cybercriminals time so they can maximize their number of potential victims.

  3. Links to official-looking sites asking you to enter sensitive data.

    • These spoofed sites are often very convincing, so before revealing personal information or confidential data examine the site to make sure it’s real.

  4. Unexpected emails that use specific information about YOU.

    • Information like job title, previous employment, or personal interests can be gleaned from social networking sites like LinkedIn and then used to make a phishing email more convincing.

  5. Unnerving wording/phrases.

    • Thieves often use phrases meant to scare you (such as saying your account has been breached) to trick you into acting without thinking, and in doing so revealing information you ordinarily would not.

  6. Poor grammar or spelling (or both).

    • This is often a dead giveaway. Unusual syntax is also a sign that something is wrong.

  7. Sense of urgency.

    • For example: "If you don’t respond within 48 hours, your account will be closed." By convincing you the clock is ticking, thieves hope you’ll make a mistake.

  8. You’ve won the grand prize.

    • These phishing emails are common, but easy to spot. A similar, trickier variation is asking you to complete a survey (thus giving up your personal information) in return for a prize.

  9. Verify your account.

    • These messages spoof real emails asking you to verify your account with a site or organization. Always question why you’re being asked to verify - there’s a good chance it’s a scam.

  10. Cybersquatting.

    • Often, cybercriminals will purchase and "squat" on website names that are similar to an official website in the hopes that users go to the wrong site, such as www.g00gle.com vs. www.google.com. Always take a moment to check out the URL before entering your personal information.

2.2. PHISH

  • P: Promises unbelievable things?

  • H: Harassment to get you to click/reply?

  • I: Instincts: does it feel wrong?

  • S: Sense of urgency: is it insisting you do something?

  • H: Hit DELETE: in that case, hit delete!

3. Email

  • Never open attachments or click URLs (links) in an email if

    • You were not 100% expecting to receive it.

    • You do not 100% know the sender.

  • Look for suspicious items like

    • The sender and reply-to addresses are mismatched or suspicious.

    • Email has poor grammar or poor formatting (like all CAPITALS).

    • Hovering over a URL shows a strange, unknown, or mismatched web address.

  • Never provide account (or personal) details either via a link or a reply to the email.

  • Do not forward emails (to others) which you suspect contain malicious content.

  • Do not respond to suspicious emails, regardless of whether you suspect they contain malicious content.

  • If in doubt, contact the IT Helpdesk.
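The checks in section 3 (sender vs. reply-to mismatch, link text vs. real address) and the cybersquatting example in section 2.1 item 10 can be applied by a mail filter as well as by eye. The Python below is an added example, not part of this document or of any product mentioned here; the sample message is constructed, and the table of digit-for-letter swaps is an illustrative assumption, not a complete list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
# Constructed sample (not a real message): the Reply-To domain differs from the
# From domain, and a link shows www.google.com but points at the lookalike g00gle.
SAMPLE_EMAIL = """\
From: IT Helpdesk <helpdesk@example.org>
Reply-To: support@example-verify.net

<p>Dear Customer, please <a href="http://www.g00gle.com/verify">www.google.com</a></p>
"""
# Digit swaps used to build lookalike names (assumed, illustrative set only).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
def host_of(text):
    """Lower-case host found in a URL or bare domain, or '' if none."""
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    return m.group(1) if m else ""
def is_lookalike(host, legit):
    """True when host differs from legit only by confusable characters."""
    return host != legit and host.translate(CONFUSABLES) == legit
class LinkCollector(HTMLParser):
    # Collects (visible text, href) pairs for every <a> in an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
    def handle_data(self, data):
        if self._href is not None and data.strip():
            self.links.append((data.strip(), self._href))
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None
def phishing_flags(raw):
    """Apply the sender and link checks to one raw email; return the reasons raised."""
    msg, flags = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_to and reply_to != sender:
        flags.append(f"Reply-To domain {reply_to} differs from sender {sender}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        shown, real = host_of(text), host_of(href)
        if shown and shown != real:
            flags.append(f"link text shows {shown} but points to {real}")
        if shown and is_lookalike(real, shown):
            flags.append(f"{real} is a lookalike of {shown}")
    return flags
```

Running phishing_flags(SAMPLE_EMAIL) raises all three flags; a clean message returns an empty list.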

4. Websites/downloads

  • If anything appears out of the ordinary on the page - including the web address, website features or other aspects of the site - then immediately close your browser.

5. USB drives

  • Do not use USB drives on another computer without Anti-Virus.

  • If you have used your USB drive on someone else’s computer or on a public computer, always scan it on the provided computer with Avast Anti-Virus (located beside the photocopy machine), or ask the IT Helpdesk to check the drive, before you connect it to your computer.

6. Hacked/Cracked software

  • All hacked/cracked software is guaranteed to have malware. Never use this kind of software.

7. Data backups

Data backups don’t prevent malware infections, but they allow you to recover.

  • Ensure your data on your computer is backed up on a regular basis.

    • How regular depends on how much data you’re willing to potentially lose.

    • If you don’t mind losing one week of data then you can back up once per week.

    • If you only want to potentially lose one day of data then back up every day.

8. Windows updates

  • When the computer is installing updates, don’t turn it off; wait until all updates are finished.

    • If the update process asks you to restart your computer, then restart.

    • After the computer has updated, check for new updates again.

    • Repeat the above steps until all updates are installed.

9. Local administrator and normal user accounts

  • Use your normal user account for day to day activities.

  • Never use a local administrator account or another account that belongs to the local administrator group (privileged account) for your day to day computer activities.

  • Only use these privileged accounts for specific tasks that require elevated permissions (installing drivers, installing new software, etc.).