Great content delivered right to your mailbox

Thank you! Check your inbox for our monthly recap!

Security is very important when you own a small business. After all, you wouldn’t let just anyone into your building, would you? And you definitely wouldn’t allow a stranger to enter your premises and bring an unknown object that could cause harm. Bad attachments are just the same when sent in an email.

While we naturally protect ourselves and our businesses in the physical world, things become a little trickier in the virtual world. There, you invite strangers into your building every day via your website, email, and other communication systems. And not only do you invite them, but you also welcome them—that’s how you get new customers and partners in today’s world, after all.

But when we invite strangers into our business, whether physically or virtually, we’re always assuming an inherent level of risk, and we must take steps to protect ourselves. This becomes especially true virtually because the danger is often unseen and unpredictable.


Learn how Office Protect helps keep your Microsoft 365 tenants safe with our e-book


The Threat of Email

One of the main virtual threats comes from something you use every day: your email system. That’s simply because it’s the most common tool your employees use and is fairly easy to exploit. In fact, around 25% of emails sent in Office 365 contain phishing or malware messages, and that number is only expected to keep rising.



So how do hackers use your email system to do harm to your business? Usually, this happens via malware, which is really just a name for any software that does something malicious—it’s usually designed specifically to cause harm or disrupt a business.

There are many different kinds of malware, including viruses, Trojan horses, spyware, worms, ransomware, and keyloggers. All of these can infiltrate your entire system and wreak havoc. Spyware and keyloggers can track data for as long as no one notices and export much of your data to nefarious sources. Worms and Trojan horses can shut down your entire system just for amusement.



Ransomware is an entirely different beast that allows hackers to take complete control of your systems and demand payment from you before allowing you to regain access. This can happen to businesses both large and small.

The City of Baltimore was a recent victim of a ransomware attack; many people were unable to pay their water bills or sell homes as a consequence. Other recent examples include a ski resort in which guests were blocked from entering or leaving their rooms and even a hospital that got locked out of its own systems.



Generally, malware infiltrates your system through phishing. Phishing occurs when a hacker puts out some virtual “bait” for you to bite at, which could be anything from an email that looks like it’s from management to a seemingly harmless message that’s supposedly from a family member.

Phishing is a significant problem that is not going away—a recent report by Microsoft shows that phishing has grown by over 250%, with no sign of slowing. And while it’s easy to brush off phishing as something that no intelligent person would ever fall for, nothing could be further from the truth—41% of phishing domains include just one character swap (making them difficult to spot), and Verizon recently showed that 30% of phishing emails are opened.


Email Attachments: The Sleeping Dragons

So an employee opens an email—no big deal, right? What harm could that possibly cause? Well, the problem is when an employee clicks on the infected email attachment. Everything is fine as long as the attachment is “asleep,” peacefully dormant in your inbox. But as soon as it’s clicked, it’s awoken and will attack and infiltrate your system.

What’s worse is that you might not even know that this has happened. Malware is often designed to run unnoticed in the background for months or even weeks until hackers are ready to strike. And while your employee might think nothing more than, “Oh, how strange… This link that my husband sent me with pictures of our kids didn’t open,” in reality, she’s just allowed a dangerous stranger waltz right through the front door.

This is not an uncommon occurrence, either: Verizon found that 66% of malware was installed via malicious email attachments. So if you don’t catch the phishing attack upfront, how can you know if an attachment is malicious?


Extension Types

You certainly know which types of files your employees typically need to send back and forth when communicating with each other or their family members. Word docs, PDFs, and PowerPoints may fly back and forth all day, but there is very little reason for an .exe file (an executable) to be sent in day-to-day office communication. In fact, this file type, and many like it, exists to run arbitrary codes or commands on your computer, and there is really no way to secure it.


How Office Protect Can Help

Fortunately, Office Protect is here to help. With one simple setting, you can block all of those “bad” file extensions that might pose a threat to your business through emails. Simply access it from your dashboard—go into the settings, and you’ll see the on/off toggle menu, security impact (medium), and user impact (medium).

This setting will block the following file extensions: .ace .ade .adp .ani .app .asp .bas .bat .cer .chm .cmd .com .cpl .crt .csh .der .dll .docm .dos .exe .fxp .gadget .hlp .hta .inf .ins .isp .its .jar .js .jse .ksh .lnk .mad .mam .maq .mar .mas .mat .mau .mav .maw .mda .mdb .mde .mdt .mdw .mdz .msc .msh .msh1 .msh1xml .msh2 .mshxml .msi .msp .mst .obj .ops .os2 .pcd .pif .plg .prf .prg .ps1 .ps1xml .ps2 .ps2xml .psc1 .psc2 .pst .rar .reg .scf .scr .sct .shb .shs .tmp .url .vb .vbe .vbs .vsmacros .vsw .vxd .w16 .ws .wsc .wsf .wsh .xnk .mcf .cnt .jnlp .grp .hpj .xbap .website .webpnp .vbp .theme .msu .osd .pl .printerexport .psd1 .psdm1 .msh2xml.

If for some reason your employees do need to send these file types regularly, you can utilize a medium other than email (like SharePoint) to exchange them.

Malicious file extensions are a real threat, but Office Protect can step up to help you protect your business.

Written by The Sherweb Team Collaborators @ Sherweb