White Paper: How Malware Can Sneak Into Your Company Networks And How To Deal With ItSource: AVG Technologies USA, Inc.
The method of choice for early virus writers was bundling up their wares in email attachments. Although still a popular method of attack, levels of awareness around email-based malware, together with more effective scanning-technology, means it is no longer as effective as it once was. "Email was the primary attack vector and simply installing an anti-virus and exercising caution when opening attachments mitigated the majority of threats," explains AVG in the whitepaper Why Traditional Anti-Malware Solutions Are Not Enough.
Educating employees on good email security etiquette is fundamental while US government site US CERT recommends that users be wary of unsolicited email even if it's from a known contact. "Many viruses can "spoof" the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments," the organisation advises.
Other must-dos to impart to staff include turning off options to automatically download attachments wherever possible. "To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it," US CERT recommends.