Preventing Data Loss from Viruses and Other Security Threats
Protecting you & your data from electronic threats in today’s world isn’t just about watching out for viruses. In our ever-increasingly connected world, more than just the files on our computer are at risk: sometimes, our entire “digital life” is at risk, and from a variety of sources. Not only can you lose data due to a virus on your computer, but there’s now the threat of having your entire identity stolen due to phishing scams, or even security breaches outside of your control.
Not to worry, though: today I’ll try to tell you how to stay safe, offline and online. So please try to learn more about protecting your data from viruses & other Internet security threats below.
Can I lose data due to a virus or other Internet security threat?
Viruses and other malicious software (known as “malware”) can cause data loss: malware can cause a wide array of problems for your data, ranging from individual deleted files to drive partitions becoming damaged, even entire disk drives getting erased.
In addition to viruses affecting your local computer, the Internet also poses other risks that could allow malicious individuals to access your bank account, credit reporting information, or even completely steal your identity. Threats such as keyloggers and phishing scams can put our personal information at risk, if we are not careful to protect ourselves from these online threats.
Some of the common electronic security threats that could cause me to lose data?
Probably the most commonly recognized threat to your data, a virus is typically a small, malicious piece of software that operates on your computer, in many cases, without you knowing it exists. A virus is designed to run automatically (often taking over part of another program, even in some cases taking over part of the startup process of your computer) and is also designed to automatically replicate (or reproduce) itself to multiple files on your computer or even on other computers attached to a network.
Some viruses are simply designed to be a nuisance (displaying annoying messages or offensive graphics, then replicating themselves), but others can be very dangerous and can delete files, damage programs, or even prevent access to entire disk drives.
Viruses are commonly spread through e-mail attachments, instant messenger file transfers, or files downloaded from dangerous websites or file-sharing services.
Also known as “keystroke logging,” a keylogger is a software program that typically operates quietly on your computer (or may even run on a remote computer) and does one simple task: keep a log of the keys you type on your keyboard, and transmit that information to a hacker. Using this technique, malicious individuals can obtain usernames, passwords, account numbers, and other sensitive personal information about you, simply by watching what you type. With this information, hackers may later try to access your computer or other accounts they recorded information for.
Like viruses, keyloggers are commonly spread through downloaded files or by visiting malicious websites.
Computer worms are designed to spread rapidly through even large computer systems – even around the Internet – without any human interaction at all, and can cause computers (and even entire computer networks) to bog down & become very slow or even unusable. While not usually malicious themselves, worms can cause computers & networks to run slowly enough that they are a severe nuisance, and they may also be used to deploy more-malicious software (such as a virus) later.
A Trojan, sometimes called a “Trojan horse” application, is also a malicious program designed to cause adverse effects, including data loss or even making your computer vulnerable to theft of data or hacking. However, Trojan horses disguise themselves as being safe, and often come in the form of a game, a joke, or even a tool that offers to rid your computer of viruses. Trojan horses will typically not replicate themselves, but can be very dangerous.
Phishing (pronounced “fishing,” like the hobby) is a technique becoming more & more common on the Internet, where malicious individuals masquerade as a legitimate account or service that you use, in an attempt to trick users into giving out their secure personal information. Phishing attempts usually come in the form of an e-mail or a link, and often look very authentic & reliable. Often, they may threaten to take action on your account if you do not reply in a certain time, or may even claim that they are asking for this information to protect your security.
For example, you may receive an e-mail which appears to be from your bank asking you to log into an online banking application to confirm your account details, but the links in e-mail may point to a malicious site. The e-mail may even prompt you to call a phone number & confirm your information directly over the phone.
What can I do to protect myself from these threats?
As you can see, there are several threats out there in today’s Internet-enabled world. But, as long as you practice some good common-sense safety & follow these tips, you should not need to fear them.
1. Use antivirus & Internet security software.
In today’s world, antivirus software alone – while a good start – is not enough by itself. Strongly consider using a software package that not only includes the ability to scan for viruses, but also protects your computer from keyloggers & other spyware, and that also uses real-time detection for any unauthorized attempts to gain access your computer.
There are many retail products on the market that will do all of these features (and more, in many cases) in one package, but don’t let cost be a deterrent: there are also free software applications available that, when used together, can do many of these features.
2. Keep your antivirus definitions & security software up-to-date.
New viruses, worms, phishing scams and Trojans are developed all the time. All reputable antivirus software companies allow you to download updates for antivirus definitions (this is what tells the antivirus software what viruses to check for) as well as the core security software itself for free, or for a small subscription fee. You should update your antivirus definitions at least once per week to ensure that you are always protected from the latest threats.
3. Use a firewall.
A “firewall” can be either a software application or a hardware device that acts as a buffer between your computer(s) and the rest of the Internet. Firewalls can be configured to only allow certain types of information to be transmitted between your computer & the Internet, meaning that only information that you allow through will get through. Firewalls are a great way to reduce the risk of attacks from hackers, keyloggers, worms and other malicious attacks on your computer. Many Internet security software packages include a firewall application.
4. Run a thorough virus scan at least once a week.
Many antivirus programs can automatically run in the background to watch for new bugs before they have a chance to cause damage. However, it’s still recommended to run a thorough virus scan of your entire system at least once per week. This can be done manually, or most programs will also allow you to schedule this to occur when your computer isn’t being used.
5. Be wary of e-mails asking you to go to confirm personal information or account details, especially if there is an urgent tone to the message.
Phishing scams are very, very good at making an e-mail or other social media message appear to come from a reputable company or service that you deal with. In some cases, the e-mail may contain links that look like they go to the company’s website, but actually link to a malicious site that is run by hackers or identity thieves. Here are some more detailed tips of what to watch out for to avoid being the victim of a phishing scam:
* Don’t use the links or phone numbers in any suspicious e-mails to contact the company.
Instead, go to the company’s website directly by typing in their address, or call the company at a known phone number and ask about the message.
Even though a link may look legitimate, hackers may have masked the actual web address that you will go to when clicking on the link.
* Never fill out any forms in an e-mail.
If the e-mail itself contains fields asking you to enter personal information, don’t do it. Go directly to the company’s website and attempt to locate the form there. If it’s a legitimate request, you’ll be able to find what you need directly on the company’s website.
* Always ensure you are using a secure website when entering credit card or other personal information.
You can tell if you are on a secure website versus an unsecured website by checking for the “https://” address as well as the “yellow padlock” icon in the address bar of your web browser.
If both of these are not present, the website you are on is not fully secure and may not be the website it claims to be. For more details, you can double-click the “padlock” icon in the address bar to get details about the security of the website, including the name of the site.
* Enable your web browser’s anti-phishing detection service.
Most popular web browsers today (including Internet Explorer 7 & higher, Firefox, Safari and Google Chrome) include the option to check websites you visit to ensure they are not known phishing sites.
When enabled, if you visit a website that is known to be part of a phishing scam, the web browser will display a warning (such as turning the address bar red, or displaying a message that the website you are visiting is unsafe) indicating that you should not continue to the website.
6. Scan all e-mail attachments before you send or receive them.
Some antivirus programs also work with most popular e-mail clients and will automatically scan all incoming & outgoing mail for you. If your antivirus program does not have this option, use your antivirus program to scan any attachments you receive in an e-mail before you open them. It is also a good idea to scan attachments before you send them to ensure that you aren’t unknowingly spreading a virus.
7. Scan any files you receive through a file-sharing service, Chat or Instant Messaging program.
Virus distributors love to use file-sharing, Chat & Instant Messaging services to distribute their work. Scan all files you receive through these services, and be especially careful if you do not know the person you are receiving the files from!
8. Configure your e-mail program to not automatically open new messages.
Many viruses sent through e-mail take advantage of the fact that some e-mail programs will automatically try to preview or open a new message. Disabling this option will allow you to delete suspicious e-mail before displaying it, reducing the potential for a virus or other malicious program to be released on your computer.
9. Scan any floppy disk or other removable media before opening files on the disk.
This is especially true if you have been given a disk by someone who you don’t know.
10. Do not leave a floppy disk in the floppy disk drive when you restart the computer.
Many viruses that are designed to affect the system BIOS or to format hard drives are intended to be triggered from a floppy disk during boot-up.
11. Watch out for unexpected macros in Microsoft Office documents.
While macros in Microsoft Office documents are typically safe, they can also be used to trigger viruses. If you open a Microsoft Office document from someone you are not familiar with and it contains a macro, do not allow the macro to run. You should also not run a macro if a document says it has a macro and you know it should not.
12. Keep your operating system, web browser and other key applications up-to-date.
Many security threats can be easily avoided by checking for software updates regularly. Microsoft offers two update services — Windows Update and Office Update — that will automatically check for all critical security updates as well as other recommended updates for Windows, Internet Explorer, and Microsoft Office applications.
13. Backup, backup and backup often!
Backing up regularly and keeping copies of your backup separate from your computer is a great way to protect against losing data to viruses. By keeping regular backups, you’ll always be able to restore your files should they become infected or deleted. Once the backup is complete, remove the disk from the drive. This will prevent the backup disk from being infected as well should your system get a virus. Labeling your backup disks with the date of the backup will help you identify which disk(s) to restore from so that you restore a “clean” version of your files.
What should I do if I think I’ve already lost data due to a virus? or What to do if you are currently infected?
First, don’t panic! In many cases, a virus simply may prevent you from accessing the data, but the data itself may still be intact.
If you believe the virus may still be present on your computer: If you have not already removed or cleaned the system of the virus, worm or Trojan horse, you’ll want to begin by isolating your computer and checking for & cleaning the virus.
Isolate your computer
If the affected computer is a stand-alone computer, you can skip this step. However, if you are on a home or business network (such as a wireless network, LAN, or VPN connection), you’ll want to do the following as soon as possible to protect other computers on the network:
1. Disconnect your computer from the network immediately. Since many viruses and worms are designed to spread through computer networks, this makes it impossible for the virus to spread out to other computers on the network.
2. If you are on a corporate/office network and have an IT department, Helpdesk, or System Administrator, notify them immediately that you think you may have been infected. This will allow them to react quickly in case the virus or worm was able to spread before you disconnected from the network. In many cases, they will also be happy to assist you with identifying any possible infection and cleaning it from your computer.
Checking for viruses
Once you’ve ensured that no other computers are at risk of becoming infected, it’s time to try and identify any infections on the computer. If you have antivirus software installed on your computer, start by updating your virus definitions. If you do not have an antivirus program installed, try using an online virus scan (such as those listed earlier). These online virus scans are always up-to-date with the latest virus definitions, and in many cases may also be able to identify other security vulnerabilities.
If you are unable to connect to the Internet to download updated virus definitions or to run an online virus scanner, you’ll most likely have two options (depending on the antivirus software you use):
1. Using a non-infected computer, download the latest virus definitions to a floppy disk or CD-RW disc, then manually update the virus definition file on the infected computer, or
2. Use the antivirus software on a non-infected computer to create a set of bootable floppy disks or a bootable CD disc that will be able to scan your computer as part of the start-up process.
Important: Before running a virus scan on your computer, be sure to disable the “automatic repair” options in the antivirus software. This will prevent the software from automatically deleting infected files.
With the antivirus software up-to-date, begin a full system scan of all drives and all file types. If an infection is found, the software should prompt you with what steps to take to remove the infection from your computer. In many cases, the infection can be removed without causing any data loss to occur.
Be prepared for the any downside scenario. This often means copying valuable documents prior to initiating any work on the infected drive. Be aware that this attempt to safeguard information may serve as a mode of infection to other machines also so be cautious.