Cybersecurity includes the processes, procedures and technology used by companies and their employees to protect computer networks, equipment and data from unauthorized access, use, modification, theft or destruction. Protecting these “digital assets” has become an urgent priority for all companies that want to maintain the trust of their customers, stay compliant with contracts and laws, and even survive an attack.
As stated in Part 3 of the cybersecurity series, many studies have shown that the weak link in a company's cybersecurity is its current or former employees. The action or inaction of an employee does not have to be malicious in intent to put a company at risk. Every employee must recognize their responsibility to be familiar with their company’s information security policy to protect themselves from any legal liability for incidents or breaches. Many companies have specific guidelines or procedures for avoiding incidents and for reporting an incident that occurs or is suspected.
The most common attack suffered by employees is called phishing. Phishing is an attempt to acquire a username and password or other sensitive information by masquerading as a trustworthy source. Phishing can be electronic (e-mail, social media, etc.) or by telephone. Fake communication via e-mail is exceedingly common these days. Often an e-mail includes a well-known logo from a bank or credit card company in the hope that you use that financial institution. The e-mail often includes an attachment or a link which launches an attack or takes you to a fake site for entry of the sensitive data.
A form of phishing often referred to as whaling is an attempt to defraud the company through one of its executives. For example, if an executive’s e-mail is compromised, instructions to transfer funds can be duplicated with new routing instructions that point to the hacker’s account. The finance manager or controller who executes that transfer may be in violation of the company’s cybersecurity policy if the transfer is over a certain threshold.
Some of the newer attacks we have seen recently include:
- Fake e-mails with voice mail messages.
- Fake notifications from your Office 365 administrator that your mailbox is full.
- An e-mail indicating the need for a Windows or Outlook update.
Being aware of the risk of phishing is key for all employees. Some basic procedures include:
- Check the header of the e-mail to verify that the e-mail is from the entity or domain you would expect from the source.
- Never open an attachment from someone you don’t know.
- Never click a link from someone you don’t know.
- Never give your login details for anything or to anyone, including your help desk.
- If someone contacts you from a financial institution or credit card company and asks you to confirm your account information, hang up!
- The IRS will not call you or send you an e-mail.
If you believe that someone legitimate may be contacting you about something from a credit card company or financial institution, call your contact or the number on your card, or log in directly to their website.
If you need a password reset or need someone to support you on your PC, your helpdesk or service provider should be able to connect with approved corporate tools or reset your password for their support needs. A help desk representative should never ask for your credentials.
Remember, it is always better to be overly cautious about cybersecurity than to take a risk! If you can't wait to learn more, contact one of our representatives at firstname.lastname@example.org or call one of our solution experts at 678-627-0646 x230.