End User Awareness Training
Generally, viruses and worms get into your network through unsolicited e-mail messages, also known as spam. Educating users about how to deal with spam effectively can help reduce the chance that viruses and worms get into your organization. Spam is frequently a result of social engineering tactics employed against your users. For example, your users may receive spam that includes a disclaimer stating something that is similar to the following:
If you wish to be removed from this mailing list, you should respond to the mail with the word "Remove" in the subject line.
Although this is a legitimate tool for some reputable companies, it is frequently a means of verifying that an e-mail address is valid so that the address can be used again. It is likely that the address will be sold to other spammers now that it has been validated.
Attachments are the most important education area for users. Help them to understand what types of attachments are safe to open. Almost every virus transmitted by e-mail relies on users opening some kind of malicious attachment to initiate the virus. Some file formats, such as .zip files that are protected with a password, may be allowed and antivirus file scanners cannot scan them. Also, users should know about double-extension attachments, such as executables with a .jpg extension (Filename.exe.jpg), which pass through the attachment blocking as a .jpg file, but may contain malicious code in the executable.
Note
Educating users is not a substitute for running antivirus client software on the desktop.
Recommendation
- Educate users about how to combat spam and viruses.
Resource
- For more information about what users can do to combat spam, viruses, and worms, see Help keep spam out of your inbox.