Dangerous file attachments

Potentially dangerous file attachments are handled securely? Yes / No

File attachments in email and chat are one of the most common attack vectors.

Rigged files may include:

• Office files (Microsoft Word, Microsoft Excel, and related)
• Flash animations
• PDF files

Dangerous communication channels include anything on which team members can be freely contacted, including:

• Email
• Skype
• WhatsApp

The desktop applications and web browser plugins opening this kind of content should be disabled. If disabling is not an option, the attachments in an email or outside team internal communication tool should be opened securely and never using the productivity applications themselves. Secure open methods include opening the file in a web-based viewer, web email preview or otherwise sandboxed tool. Furthermore, a safe version of a desktop productivity suite, which is preferably an up-to-date open source tool, should be used.

Applies for: Everyone

Related incidences:

• Bitstamp

Links:

• Office Editing for Docs, Sheets & Slides (Google Chrome add-on)
• Google Docs Viewer (Firefox add-on)
• LibreOffice