Best Practices for Opening Email Attachments

May 13th, 2016 by Rocket IT

With the rise of ransomware arriving infiltrating inboxes all over the world, through innocuous-looking email attachments, it’s important to know how to keep your network secure. Follow these best practices when receiving attachments to keep your system and your data safe from malicious programs hidden in documents.

1Don’t download files with extensions that don’t look familiar to you. If you don’t usually receive .dot files, then you should be wary when you see one pop up in your inbox. This is especially important to remember when you don’t recognize or trust the sender, and when you’re not expecting to receive an attachment.

It’s a best practice to not open attachments you aren’t expecting. If you do receive one from a trusted sender, but you weren’t expecting one from them, confirm with them before opening the attachment. Hackers have been known to “spoof” email addresses from legitimate sources to send viruses.

2Keep your antivirus program up to date. You’d be surprised how vulnerable you leave your system when your antivirus definitions aren’t updated regularly. Viruses and ransomware are constantly adapting to find new ways into systems, and your antivirus needs to be able to keep up.

3If an attachment prompts you to enable macros once you open it, please do not do so. Close out the attachment and speak with your system administrator. Like the Locky ransomware, many viruses use macros in attachments to run on your system, downloading the virus itself from a remote server and executing it.

Attachments like this often appear as Word documents with jumbled or nonsensical content, and a message that prompts you to enable macros (or enable editing) to read the document if it isn’t appearing correctly. If you have a pre-2010 version of Microsoft Word, you may not have the Protected View option, and the macro may run automatically without having to retain permission from you. Check with your administrator to find out what settings your Office products have regarding macros.

4Make sure macros are disabled automatically on your system, so if you or your users open an attachment with a hostile macro, you still have another layer of protection. If you don’t have an administrator who can do this for you, you can disable macros yourself in Microsoft Office by following these steps:

  • Open Microsoft Word and go to the File Select Options
  • Click Trust Center, and then open Trust Center Settings
  • Within the Trust Center, select Macro Settings
  • Select either Disable all macros with notification or Disable all macros without notification

Hackers keep finding new ways to get into computers and lock or compromise data. Don’t make it easy for them to get into your device. Follow these guidelines.

Want to learn more about keeping secure? Read our article about practicing link safety here.

 


 

TPAbout the Author – 

Tyler Priest is an enthusiast for Information Technology and is a Junior Systems Administrator for Rocket IT. He enjoys hiking, fishing, and has a passion for kite flying. He resides in the comfortable hometown of Winder, GA with his family. 

 

A fun stylized rocket on the floor isolated on a white backgroung with clipping path.

As a passionate steward of our community, we would like to keep you informed on urgent technology-related news. These will typically be security-related alerts; for instance, if a vulnerability has been identified that could pose a risk for you. Go here to sign up for alerts from Rocket IT.