We’ve talked before about having a malware response plan in case one of your endpoints is infected by a virus, trojan, or worm. And while it’s always good to have an action plan, it would be even better if your users were able to avoid getting infected in the first place.
Just as with avoiding phishing schemes, keeping your users informed and up-to-date on the latest tricks can help you avoid a costly headache down the road.
Presenting Malware Training
Just as with phishing training, you have many choices when it comes to presenting the training. A company-wide email is the easiest, but these often go ignored. Can you schedule some time to present a webinar or live training? This can even be recorded for the benefit of those who aren’t present or new hires later on.
Some topics to cover could include:
- Why malware is a risk for the company.
- What web browsing activities could invite a malware infection.
- What to do if you think you’ve been infected.
Try to keep it interesting with real-world examples and audience participation. If your users are engaged and interested, they’ll be more likely to retain what you tell them. Make sure that they know that you and your team take malware reports seriously, and that they have a clear way to get help if they suspect an infection.
Identify the Malware Risk Hotspots
Like any training, malware training is most effective when it’s tailored to the risks you’re trying to mitigate. First, identify which users are most at risk for malware exposure. Those who by necessity spend a lot of time on the Internet are naturally the most at risk -- for example, purchasing/procurement agents, marketing folks, and of course IT people generally spend much of their day online. And many other users -- whether it’s “allowed” or not -- likely spend some time checking personal email, doing some shopping, or reading news. These sites can be a source of malware as well.
Identify which groups of users face which malware risks -- malicious ads, iffy Google results, temptation to download and run unknown software -- and tailor your training to their needs.
Follow Up and Keep Communication Open
After the training, your users (hopefully!) will be extra vigilant for potential malware infections. So be prepared for extra calls to you or your help desk. Don’t brush off these reports, no matter how trivial they are. Make sure the user knows that they’re doing the right thing by reporting suspected malware, and that your team takes these reports seriously.
Make sure your help desk staff are up to date on your malware remediation plan, and that they have a clear escalation path if they need more help with an investigation. After all, what good are malware reports if you have no way to resolve them?
With these tips, you can train your users to avoid malware infections, and spot them quickly if they do happen.
E-N Computers is a security-focused IT managed service provider serving Virginia, Maryland and Washington, D.C. If you need help focusing your cybersecurity requirements, contact us today for a consultation.