What steps can you take to keep yourself, your colleagues and your company safe online?

A guide to security. 

What is messaging and web security and why is it important?

Email, the web and instant messaging are all important methods of communicating and exchanging vital business information. While the benefits of these technologies are great, enabling us to communicate and exchange information with practically anyone, they also present a real threat to our security, productivity and profitability. This short guide to messaging and web security outlines the main dangers and the steps you can take to make sure you and your company stay secure.

E-Mail Threats and How to Protect Against Them


Viruses are one of the most common threats from email. You may also have heard the terms ‘worm’ or ‘trojan’; these are essentially different types of viruses. In essence, a virus is a program or programming code that replicates itself by being copied, or initiating its own copying, to another program, document or part of your computer.
Most viruses spread by enticing people to open an innocent looking email and/or attachment, which actually contains the virus. Viruses are particularly dangerous because they often arrive in emails from people you know, sending themselves on to all of the people in your address book.


Billions of spam emails are sent every day, making it a huge problem. Spam has become such a familiar, not to mention annoying, feature of the email landscape that it’s easy to forget the damage it does to a business. Put simply, spam is no longer just a nuisance. It significantly affects business efficiency and productivity. Think of the amount of time you spend during the course of a year identifying and deleting spam emails. These messages clog up your inbox, requiring more expense and effort to safeguard against the relentless tide of spam.


A phishing email is designed to look like a genuine email from your bank or other financial institution. However, it will in fact lure you to a fraudulent website where you will be asked to enter your bank account or credit card details. Phishing emails are particularly dangerous because they are a social engineering technique and will in many cases look like the real thing. Remember, no bank or financial institution will ever ask you to confirm your account number and login details in an email. The email design is spoofed to resemble a well-known brand (in this example we have simulated a bank).
Phishing emails will often direct you to a false site and ask you to confirm your account information. The false site is made to look like the real website. The web address is actually a graphic, overlaid onto the screen to make you think it’s the correct address. A graphic simulates the padlock symbol.

Dos and Don'ts of E-mail Threats

  • Do make sure you download the latest security updates.
  • Do look out for words or language used which would not actually be used by the sender.
  • Don’t open it – if you think you have received a virus, don’t open it or even view it using your email preview pane.
  • Do report any viruses to your IT department.
  • Don’t open or forward a spam email, delete it immediately.
  • Don’t reply to spam, or any email you are unsure about, even if it’s to ‘unsubscribe’ – this will only validate your email address to the sender.
  • Do ignore delivery failure receipts for messages you didn’t send.
  • Do consider having a secondary email address – this can be used when filling out registration forms, surveys, subscribing to newsletters, etc.
  • Don’t open an unsolicited message unless it is from someone you know and trust. This rule applies to avoiding security breaches in general – don’t forget that spam can contain viruses and other malicious software.
  • Don’t post your email address on your website or in newsgroups – many spammers trawl the Internet for as many addresses as they can find.
  • Don’t give your email address to anyone or any website you don’t trust.
  • Don’t click on any of the links in a suspicious email.
  • Do delete any potential phishing email immediately.
  • Do contact your bank or financial institution if you can’t be certain whether an email seemingly from them is genuine.

Web Threats And How To Protect Against Them


Spyware is a catch-all term for unwanted software that either secretly monitors your online activity to aid advertising and marketing, or in its more sinister form steals private information from your PC. This can include:

  • searching for your banking details,
  • logging your key strokes,
  • allowing outsiders to control your computer.

Spyware can get onto your computer in a number of ways:

  • downloading seemingly legitimate software or freeware on the web,
  • clicking ‘agree’ to the small print of a download form,
  • signing up for a new ‘tool bar’, ‘smiles’ or similar offer,
  • even just visiting a particularly unscrupulous site.

Any of these can lead to you falling victim.

Spyware is a major risk because it isn’t easy to detect and can do untold damage before being discovered. Some telltale signs that you have spyware on your computer include:

  • regular pop ups appearing,
  • your computer running slowly,
  • automatically being directed to a site you didn’t want to visit every time you go online.

Your IT department will be able to tell immediately if you have spyware on your computer. If you are in any doubt, contact them at once.

Dos and Don'ts of Web Threats

  • Do comply with your company’s acceptable usage policy.
  • Do make sure your browser is up-to-date with the latest security patches.
  • Do only visit websites you know and trust.
  • Don’t follow links to sites from email or instant messages that you are not sure of.
  • Do check the destination of links. If you hover your cursor over a link it will highlight the destination in the bottom left of your browser window.
  • Do be careful if you use social networking sites like Facebook, LinkedIn or MySpace. Be very wary of friend requests from people you don’t know. Many unsolicited friend requests are bogus and will try to lure you into downloading spyware.
  • Do contact your IT department immediately if you think you have spyware on your computer.

Instant Messaging (IM) Threats And How To Protect Against Them

Instant Messaging

As instant messaging (IM) becomes more popular, the risks of using it have increased dramatically. IM systems can receive attachments either containing, or linking to, malware or spyware in just the same way as email. In fact IM can be even more dangerous because it is even more immediate.

Dos and Don'ts of Instant Messaging

  • Don’t follow links sent to you by IM. If you must follow a link, cut and paste it into your Internet browser.
  • Do be wary of IM from friends or colleagues that direct you to a website. Their computer may be infected with a virus that sends out these messages.

Chief Information Security Officer
State of Vermont
Department of Information & Innovation
133 State Street, 5th Floor
Montpelier, VT 05633-0210

In an effort to keep our site relevant to users we welcome your suggestions, questions and comments. Computer security is a group effort and to help keep each other informed and protected from the risks on the Internet, we must educate each other.