Reply to post: Re: Mitigation

Another Canadian uni hit by ransomware, students told to keep Windows PCs away

bombastic bob Silver badge
Megaphone

Re: Mitigation

"went to a user in the goods receiveable department."

even RSA got 'hacked' in a similar way, when an attachment with a payload was apparently opened [in 'virus outbreak' aka MS Outlook] by a low-level accountant that was "on the network".

general e-mail rules to avoid this:

a) *NEVER* preview in HTML

b) *NEVER* even VIEW in HTML

c) *NEVER* allow 'inline whatever' to be previewed (or even VIEWED) in an e-mail

d) *NEVER* click on a link in an e-mail. *NEVER*. [I've received fake 'unsubscribe this' links in legit-looking bulk mail that appears as if I were maliciously subscribed against my will, most recently to 'wired', which I forwarded to their abuse department instead - had I clicked, who knows what would've happened!]

HTML mail is *EVIL* and should be avoided. Doesn't matter how many cat-pic chain mails get forwarded that way. If you must see it, save the attachments, scan them, THEN view them.

This level of security requires strict I.T. policies *AND* compliance. However, if you can actually *GET* users to comply, it will save your ass at some point.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021