CYBER HYGIENE | Malicious code can erase hard drives, corrupt files, allows hackers access

Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access. Malicious code includes viruses, Trojan horses, worms, macros, and scripts.

Malicious code can be spread by e-mail attachments, downloading files, and visiting infected websites.

Protecting against malicious code

To prevent viruses and the download of malicious code:

• Scan all external files before uploading to your computer.
• Don’t e-mail infected files to anyone.
• Don’t access website links, buttons, and/or graphics in an e-mail or a popup generated by an email message.
• For personally owned devices, research any application and its vulnerabilities before downloading that “app.”
• For government-owned devices, use approved and authorized applications only.

Mobile code can be malicious code. To prevent damage from malicious mobile code:

• Only allow mobile code from your organization or your organization’s trusted sites to run.
• Contact your security point of contact or help desk for assistance, especially with e-mails that request personal information.

Best practices for home computer security

Defend yourself! Keep your identity secure/prevent identity theft.

When working at home on your computer, follow these best security practices, derived from the National Security Agency, or NSA, datasheet titled “Best Practices for Keeping Your Home Network Secure.”

• Turn on password feature, create separate accounts for each user, and have them create their own passwords using a strong password creation method.
• Install all system security updates, patches, and keep your defenses up to date.
• Keep antivirus software up to date.
• Regularly scan files for viruses.
• Install spyware protection software.
• Turn on firewall protection.
• Require confirmation before installing mobile code.
• Change default logon ID and passwords for operating system and applications.
• Regularly back up and securely store your files

Incident indicators

Beware of suspicious behavior that may indicate a cybersecurity incident or malicious code attack:

• Sudden flashing pop-ups that warn that your computer is infected with a virus.
• Sudden appearance of new apps or programs.
• Strange pop-ups during startup, normal operation, or before shutdown.
• The device slows down.
• Appearance of new extensions or tabs in the Web browser.
• Loss of control of the mouse or keyboard.

Antivirus software

Some agencies may have discounted/free antivirus software available to their employees

• Active Department of Defense military and civilian employees may install antivirus software for home use via the DOD.

Antivirus Home Use Program

• Contractors are excluded from participating in the DOD Antivirus Home Use Program

E-mail protection

To prevent the downloading of viruses and other malicious code when checking your e-mail:

• View e-mail in plain text and don’t view e-mail in Preview Pane.
• Use caution when opening e-mail: Look for digital signatures if your organization uses them. Digitally signed e-mails are more secure.
• Scan all attachments.
• If authenticity cannot be confirmed, delete e-mail from senders you do not know.
• Don’t e-mail infected files to anyone.
• Don’t access website links, buttons, and/or graphics in an e-mail or a popup generated by an e-mail message.

Compressed URLs

Exercise caution with compressed URLs, such as TinyURLs (e.g., https://tinyurl.com/2fcbvy):

• Compressed URLs convert a long URL into a short URL for convenience but may be used to mask malicious intent.
• Investigate the destination by using the preview feature to see where the link actually leads to.
• Use an Internet search engine to find instructions for previewing a specific compressed URL format (e.g., TinyURL, goo.gl).

(Editor's Note: Adapted from the Cyber Awareness Challenge Training 2023 course)