In the past several days, two of our customers suffered a potential breach when their users opened Word documents sent as attachments. The infected files slipped right past sophisticated email protection systems.

Fortunately, at both companies, the IT teams got involved early on and averted disaster.

In one case, the attachment came from a trusted third party that was unaware their systems were compromised. Remember, your security is only as good as the security of your third party providers.

If you unexpectedly receive an email message with any attachments other than pdf files, be very skeptical and notify IT immediately. You may save the security of your organization.

The post Avoid Opening Word Attachments – Check with IT First appeared first on Foster Institute.

The tech support representative at the bank pressed, “I cannot help you if you do not let me into your computer.”

The team member said, “Yes, you can. I can read you anything displayed on the screen, and I can type or click where you say. But we cannot permit anyone to connect remotely. What do you need me to read to you?”

The technician said, “Uh… Ok. What does the error message say?”

The team member replied, “The routing number field is not long enough.”

The technician said, “Ok, that is easy to fix.” And continued to help resolve the problem and all was fine.

Never, ever, permit anyone to remote into your computer.

Once you permit any third party to access your computer, your company’s security is only as good as their security. And you have no idea how good their security is.

Your internal IT team, or outsourced managed service provider, can already take control of your systems without asking you. They will not need to ask your permission. So, if you ever receive a call saying, “This is tech support, you don’t recognize me because I’m the new guy. I need your help to fix your computer. Please go to this website so I can take control of your system to resolve a technical glitch before it crashes your system,” then blow a whistle into the phone as loud as you can. That’s a bad guy using a social engineering ploy in an attempt to trick you into allowing them access into your system.

When in doubt, go back to the only reasonable answer: “No. You will not get access to this computer or any other computer at our organization.” Report this immediately and warn everyone else.

Please forward this to everyone you know or care about, so they know: Never permit anyone, even third party technical support, to access your computer remotely.

The post Never Permit Tech Support to Access your Computer appeared first on Foster Institute.