The potential damage caused by computer malware, viruses and worms, should be considered by all attorneys in implementing an information security program for their firm. Prevention is key in protecting client data. These malicious programs may cause a device to crash, destroy electronic files, surreptitiously monitor device activity, steal personal information, hold sensitive information for a monetary ransom, and even allow an attacker to take unauthorized remote control of the device. Some are hidden in other software, which acts as a “Trojan horse” to deliver a virus to its target. Others may find their way on to a computer through e-mail file attachments, portable media (i.e. CDs and USB drives), or a website. The means of infection are numerous, but there are simple steps that can be taken to prevent infection and protect important data. The following are several tips to prevent infection:
- Install anti-virus software from a reputable vendor. Update the software’s definitions regularly to ensure it can identify new threats. Schedule a daily automatic scan of your system. Most anti-virus software packages have active scanning features that scan each executable file upon execution. Enable this feature to continuously protect your system. Use a file-specific virus scan before opening new files or programs.
- Be cautious with e-mail attachments. Do not open e-mail attachments that are not expected. Note that it is possible for a sender to “spoof” the origin of an e-mail to make it appear to come from someone you know. When in doubt, and if possible, call the sender to verify that they sent the e-mail and attachment. Ensure that your e-mail software is not set to automatically download attachments. Use an anti-virus program that automatically scans e-mail attachments.
- Keep all software on the device up to date. This includes the device’s operating system and any software that runs on the device. Set updates to download and install automatically to ensure that your operating system and software receive security patches for known threats.
- Create separate user accounts on the computer. If your computer allows you to create separate accounts, consider creating an account that does not have full administrator privileges. This restricted account may be used to access e-mail while decreasing the risk to the system.
- Regularly backup your data. Prevent data loss by conducting a regularly scheduled backup of all important files.
- Be wary of “tech support” scams. Some scammers use pop-ups on websites or software packaged with other downloaded programs to display messages on your device that say it is “infected,” has performance issues, or requires technical assistance. These scams claim to provide anti-virus, technical, or software update support. They demand money to fix your device and request control of your computer. If you receive an unexpected website “pop-up” or spam e-mail message about problems with your computer or its performance, do not click on it or respond to it. Note that software companies and internet service providers often provide automatically installed updates.
- Implement and be aware of internet browser security. Do not disable browser security settings. Most modern browsers come with built-in security that can warn you before visiting a page that may expose you to a potential threat.
- Read each screen before installing software and obtain it from a reputable source. Avoid installing “bundled” software unless it is expected or required. Software should only be downloaded from a site you know and trust.
Practicing safe computing involves being aware of risks and threats to your device and taking steps to prevent the threat from affecting your device. Following the above points will assist in protecting your important electronic information. For more information on protecting our device and the information on it, please see the following resources:
- Information resources from the Federal Trade Commission (FTC) regarding online security : https://www.consumer.ftc.gov/topics/online-security
- General online security advice offered by the FTC: https://www.onguardonline.gov
- Virus and Malware Information from the US Computer Emergency Readiness Team: https://www.us-cert.gov/publications/virus-basics