Hopefully, by this point, all businesses have grasped the fact that they need robust anti-malware protection and a firewall on both their website and their local devices (including mobile ones). These offer significant protection, but, all the same, it is still very useful for human staff to know how to protect themselves online, especially how to scan links for viruses as this allows them to act as backstops for your security software.
Why you still need to know how to scan links for viruses
If you’re using a robust security product then there is a very good chance that you can depend on it completely for protection. This is not, however, 100% guaranteed as malicious actors are continually changing their tactics. For this reason, the safest option is to teach human staff how to protect themselves when using email and the internet. In particular, it’s important to teach them how to scan links for viruses.
How to check links for viruses
Firstly, look for any strange characters. People with legitimate domains generally want them to be easy to remember. They are therefore highly unlikely to want to use domains with strange characters in them. This means that strange characters in links are likely to be a sign that the sender is using URL encoding to disguise the fact that a link is malicious.
Secondly, never click an embedded link in an email (at least not without verifying it). An embedded link is one that has the real link hidden behind regular text. These are widely used on webpages as they make them look tidy and therefore easy to read. By contrast, they are hardly ever used in legitimate emails as they have become so strongly linked with phishing attacks.
In short, an attacker presents themselves as representing a legitimate organization, such as a bank, and, in that capacity, instructs the recipient to click on a link to take an action, such as logging in. In most cases, you don’t even need to bother scanning this link for viruses, just assume it is a phishing email and delete it. If you do want to check just go to the organization’s real website and log in from there.
If you do want to check it, then the easiest option is just to right-click on the embedded link and choose “view properties” and you’ll be able to see the actual link behind it. Depending on how astute the hacker has been, this may look a bit like the genuine URL, but if you look at it properly it will probably be fairly obvious that it’s false.
Thirdly, be alert to short links. Rather like embedded links, these do have legitimate uses especially on social media where you can’t embed links as you can on webpages. In emails, however, they are a major security risk. If you’re interested in them, you can use a link expansion service to check the proper link, but, usually, the safest and most time-efficient option is just to delete them.
Remember text messages can have links too
Although everything in this article so far has referenced email, text messages can have links too. In a business context, it’s less likely that people will receive malicious links through text messages than that they will receive them through email. This is purely because fewer people have company phones than company email addresses. That said, if you are using company phones, then you need to apply the same security practices to text messages as you do to emails.
You also need to make sure that all mobile devices, especially cellphones, have at least the same level of protection as regular computers. Remember that teaching humans how to scan links for viruses is essentially a backup to your automated protection. It’s highly unlikely to be enough on its own.
It’s vital to teach staff how to stay safe on the phone
Although it’s still very common for malicious actors to use old-school “spray and pray” tactics to spread their malware, it’s becoming increasingly common for attacks to be targeted. This is particularly true of attacks where there is, or at least can be, a direct economic benefit to the attacker, such as ransomware attacks.
These targeted attacks can be very sophisticated and involve a lot of preparatory work to gain the victim’s trust. This can involve emails and instant messages but it can also involve phone calls as it is much harder to monitor these in real-time and alert people to threats. It’s therefore vital that you teach staff how to monitor their own security on calls, especially video calls.
Please click here now to have your website scanned, for free, by cWatch from Comodo.
Removal
Security stack layer 1
Malware Detect & Removal
Our malware detection scanning, preventive methods and removal enables you to take a proactive approach to protect the business and brand reputation from malware attacks and infections.
- Unsuspecting websites get infected with malicious code.
- Continuous website monitoring to detect any incidents.
- Identify and remediate the cause to hardening your websites.
Comodo cWatch Web can identify malware, provide the tools and methods to remove it, and help to prevent future malware attacks at the edge before it hits the network, included as a paid member.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Response
Security stack layer 5
Cyber Security Operations Center
Our exclusive C.S.O.C. is staffed with certified security analysts to monitor, assess and defend websites, applications, databases, data centers, servers, networks, desktops and other endpoints.
- 24 / 7 / 365 security monitoring using state-of-the-art tech.
- Engage clients of complex threats to resolve the issue.
- Real-time web traffic monitoring and proactive incident fixes.
C.S.O.C. checks for threats, identifies and analysis then performs the necessary actions to resolve the issue while offloading costs of in-house experts by using stack layer 3 to handle the heavy lifting.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Intelligence
Security stack layer 3
Security Information • Event Management
S.I.E.M. collects logs and events the network traffic and web assets, security devices, operating systems, applications, databases, and reviews the vulnerabilities using artificial intelligence to process.
- Reduces billions of events into prioritized threats real-time.
- Identifies changes in network behavior with activity baselines.
- Flows data searches in real-time streaming or historical mode.
S.I.E.M. senses and tracks significant threats to links to all online supporting data and context for easier investigation. While anomaly detection to identify changes associated with the network safety.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Prevention
Security stack layer 4
Web Application Firewall
W.A.F. by Comodo eliminates application vulnerabilities to protect websites and web applications against advanced attacks including Denial-of-Service (DDoS), SQL Injection and Cross-Site Scripting.
- Destroys malicious requests and thwart hack attempts.
- Protection to account registration forms and login pages.
- Malicious bots and brute force attacks are block and patched.
Combined with malware scanning, vulnerability scanning and automatic virtual patching and hardening engines provides robust security is fully managed for Comodo cWatch Web customers.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Performance
Security stack layer 2
Add a network of globally distributed servers designed to boost the speed for websites and web applications by transferring content to your user based on their proximity to the nearest CDN web server.
- Proven to increase search engine rankings and site scores.
- 29 worldwide CDN node locations to reach your users.
- Save your bandwidth by leveraging CDN browser caching.
CDN serves your users your website content with virtually unlimited capacity. Giving you the freedom to focus less on site maintenance, more on scaling the uptime of your traffic and target audience.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Compliance
Security stack layer 6
Payment Card Industry • Data Security Standard
PCI • DSS ensures that your customers' cardholder info is kept secure from security breaches through a meticulous scan of your network and applications to identify and fix security vulnerabilities.
- Simple and automated way to stay compliant with PCI • DSS.
- Pass the requirements for the 12 points PCI • DSS standard.
- Schedule on-demand PCI scans to report quarterly results.
Establishes and implements a firewall, hardens your environment, disables unnecessary services & configures system parameters to prevent misuse, ensures system audit components are protected.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
© 2024 Comodo Security Solutions, Inc