Email is everywhere and vital to both business and personal communication. You’ve no doubt used email to share important documents with others both internal to your organization and beyond. And you’ve probably received many documents as well over email. Unfortunately common files like Word documents, Excel spreadsheets, and PDFs, are also typically used to spread malware or other nefarious programs. And it’s not just the attachments you need to be wary of. Hackers and others also use email to try to get users to click on spoofed emails, or as phishing attempts to trick users into clicking on an infected link or share sensitive information. You might’ve seen an email of this type that includes a line like we need your updated bank account information or something similar. Even though most IT departments have installed software to scan every incoming email and document, malicious messages can still get through. Why? Because new and more sophisticated versions of these attacks are created everyday, and our security software is often reactive, that means it’s not enough to rely on only your software. Instead try to practice these proactive habits. Never open an attachment that looks suspicious. Pay attention to the sender’s email address and ensure that it’s legitimate. Make sure the attachment is a known file type. Also be careful of running macros in Office documents as they can contain viruses. Don’t click on a link from an unknown sender. It’s often harder to identify malicious links so hover over the link and look at the URL or the address of the link. If it seems odd, for example, if it looks like an actual company name but it’s slightly misspelled, don’t click on it. Or if you don’t know the sender, don’t click on it. When in doubt ask your IT department for help. Never respond to an email or a link asking you to verify account information. A real company would never do this as they know malicious senders are doing this. This scam is know as phishing. And here’s an example, an HR employee was asked by email for all employee information including partial social security numbers. Unfortunately the employee sent the information without verifying that it was a legitimate request, it was not. The company then had to spend lots of time and money helping employees protect themselves after the breach was discovered. Never respond to spam or junk email. All you’re doing is showing the sender that your email address is a legitimate verified address. Now they will only double their efforts in sending you emails and may even sell your email address to other spammers. If you do find malicious emails be sure to mark them as spam or junk, and let your IT department know about them. If you think you’ve clicked on something by mistake, immediately call your IT department. These viruses can spread quickly and time is of the essence when it comes to fighting them. On your personal computer make sure your security software is up to date and run it immediately. Once you get into the habit of following these practices, it’ll become common place. And it’s absolutely worth it to take those few extra moments to look for possible issues. A stitch in time saves nine as they say. And the clean up and aftermath from one bad click will not be pretty.