
Security Basics Part 1: Staff

This is part 1 of a 2-part series on security basics. This week, we will focus on staff, and next week, we will give a security basics overview for managers.

Here are 7 quick ways you can avert disaster for you and maybe even your company:

VIGILANCE

Listen to your gut/trust your “spidey sense”/pay attention to your instinct. Basically, if an email asking you to open an attachment, click a link, or make a payment seems ‘off’ in any way, delete the email, and contact the sender directly to confirm that it’s legitimate.

Here are examples of how people have fallen victim to criminals:

  1. Email spoofing: The criminal spoofs the mailbox of a trusted contact and either sends you an infected hyperlink in the email or in an attachment, or asks you to make a payment to someone, or sends you updated account details for their “new” bank. The latter example is what’s known as “social engineering” or, in more common parlance, a plain old con trick. Basically, someone has tricked you into giving them your (or your company’s) money, but your IT itself has not been compromised or hacked.
  2. Email attachments: A user clicks a link containing malware either on a website or in an email attachment. The danger here is that there is no perceivable damage at the time of interaction. Criminals often gain access to your IT by infecting your network with malware, and then simply wait for a period before they encrypt your data and demand a ransom to free it. The rule of thumb here is simple: Don’t click on any email attachments you were not expecting.
  3. Service Cancelation Ruse: A user receives an email from someone purporting to be from an established service provider, e.g. Microsoft, Amazon, a bank etc., informing them that their service will be cancelled unless they verify their account. The verification step is usually a link to malware which would infect their IT network. You’re always better off deleting such emails and contacting the provider directly yourself, or via your IT provider/manager, to ascertain their legitimacy.
  4. Gift card scam via WhatsApp: The bad guy poses as your boss, asking you to urgently purchase gift cards and promising that he will reimburse you later.

FESS UP

If you think you may have clicked an infected link or website, it’s always better to notify a manager in person or over the phone, not via email. Criminals may already have accessed your network and be monitoring it, including emails. If you tip them off that there is suspicion, they may go ahead and encrypt the network before your IT team has a chance to remove the malware.

WINDOWS UPDATES

When you receive notifications that Windows updates are pending, do not keep putting them off. They may contain security updates for known threats, and your system can be exposed if they are not installed on your computer.

POWERING DOWN EVERY NIGHT

By shutting off your computer every night, you are preventing bad actors from accessing your PC when you’re not using it. Also, if you have encryption software on your laptop, it only works when the laptop is powered off and a restart is then attempted. Shutting down also highlights Windows updates which are available to install, which should be run as soon as you see them.

LOCK SCREEN WHEN AWAY

Any time you leave your workstation for a break, always lock the screen so that sensitive information can’t be seen/accessed by anyone else.

COMPLEX PASSWORDS

Use complex passwords for your various logins, don’t reuse any, and refresh them periodically. Ideally, passwords should be at least 8 characters long and contain a mix of upper and lower case letters, numbers, and special characters like ?.

TEST YOUR AWARENESS

It’s a good idea to test your security awareness in a safe environment using tools like Google’s phishing quiz.

If you have questions on this, or any aspect of data security, please contact us today at (091) 395413.
