Hardly a day goes by when we don’t hear news about another large-scale attack or security breach. Given that October is National Cyber Security Awareness Month, it is a great time to think about how we can each do our part to keep our online environments, at work and at home, safe and secure.

Most cyber attacks use malware (malicious software) to infect a computer with malicious code designed to steal passwords, data, or disrupt an entire computer/network. Fortunately, you don’t need to be a security expert to help stop malware. Here are a few steps you can take to help protect yourself and your company:

1. Don't get fooled by phishing — Don’t click links or open attachments in suspicious emails.

One of the most effective cyber attack techniques is tricking someone to click a link or open an attachment that installs malware.

These are called phishing e-mails because they lure you into opening an email either by saying something intriguing ("Lose 20 pounds in 3 days"), useful ("Extend the size of your...life by twenty years"), or appearing to be a legitimate message from a real company (package delivery, payroll, undertakers, social networking, etc.).

Don’t open emails from unknown sources. Hackers want you to click on their link so that they can infect your computer. Don't let them win! If you get an email from an unknown source, be sure to evaluate the source and think about whether it makes sense. If not, it may be malicious. Always verify the sender's address and hover over any links to URLs to validate them. For example, if the link says it’s from Salesforce, then hovering over the link should show a URL ending in ".salesforce.com".

2. Fortify your computer — Keep your OS and anti-virus software updated.

Your operating system (OS) security features and antivirus (A/V) software provides the first line of defense. The malware landscape is constantly changing, and setting your OS and A/V to automatically update and install patches will keep you on the cutting edge of security. If your IT department handles this be sure to accept updates right away!

3. Other people’s passwords are dangerous — Never reuse or share passwords.

Reuse and sharing of your passwords pose serious security risks.  If you use the same password for your salesforce.com account and for your ACME account and the latter gets compromised, it could put your salesforce account at risk! Hackers can reuse stolen credentials to see what other high-value accounts they can compromise using the same credentials. Spend the time to create strong, unique passwords for all of your accounts and consider the use of a secure password manager to help you manage them.

If you share a password, you’ve lost access control over that account. In fact, there is also never a legitimate reason you would need to share your Salesforce password or any other password with anyone.  


Please visit trust.salesforce.com/trust/security/ for the latest security information and best practices. If you’d like to learn more about malware, please visit http://www.onguardonline.gov/articles/0011-malware, and for more information about National Cyber Security Awareness Month, check out http://www.staysafeonline.org/ncsam/.