Security Awareness – Malware Self-Defense


What is malware?

Malware is short for “malicious software”: software that is intended to damage or disable computers and computer systems. Malware includes viruses, ransomware, rootkits, Trojan horses, backdoors, key loggers and adware.

How malware attacks occur

Opening an email attachment:

Sam opened a Microsoft Word email attachment sent by an unknown sender. The attachment contained a type of malware called ransomware that encrypted all their files. A message appeared on their screen indicating they needed to pay a $5,000 ransom to get their data back.

A Web browser pop-up:

Pat visited a news website at lunchtime on a work computer. A pop-up message appeared that said the computer needed updates. Pat followed the instructions and installed a type of malware called a key logger that sent all their keystrokes, including login credentials and passwords, to the hacker.

Opening a found USB drive:

Riley found a USB drive on the floor and plugged it into a work computer to find out what was on it. The USB drive appeared empty and was then used to transfer files to their home computer. Both computers the USB drive was connected to were infected with malware that gave control to a remote hacker.

Clicking a link in an email message:

Chris received an email message indicating someone had sent them a greeting card. Chris clicked on the link and was taken to a compromised Web site that installed a type of malware called adware. The adware ran in the background and made requests to Web sites to generate fake advertising revenue for the hacker.

10 tips for malware self-defense

  1. Install antivirus software and keep it up to date
  2. Apply software updates regularly
  3. Be cautious about inserting USB drives and discs into computers
  4. Beware of free software because it may be malware
  5. Use the attachment preview to peek at files you receive unexpectedly via email
  6. Turn on your computer's built-in firewall
  7. Review the destination of links in messages before clicking
  8. Avoid free Wi-Fi networks where data eavesdropping can occur
  9. Back up data to storage that is not regularly connected to the computer
  10. Ignore Web pop-ups that say software is out of date. Visit the manufacturer’s Web site to obtain updates

For more information

The Information Security team has introduced an ongoing Information Security Awareness program for faculty and staff. This program is designed to help employees protect their sensitive information and that belonging to others. The program combines monthly advisory messages with phishing training exercises. For more information please see the Information Security Awareness program for faculty and staff guide at: https://its.sfsu.edu/guides/informationsecurityawarenessprogramfacultyandstaff