Every year, cybercriminals do millions in damage by infiltrating corporate networks through familiar email and messaging software. Seemingly innocent occurrences can lead to catastrophic security breaches. One of the most devastating attacks in recent memory focused on sending unsolicited “resume” attachments to HR departments.
Sadly, the events leading up to these issues are often so subtle that they go unnoticed, even in post-mortem analysis. This leaves the door open for future problems.
To combat email and messenger-based malware, the “average user” – with no technical duties or special training – is an essential piece of the puzzle. By being alert to common attack tactics, these users become true first-line defenders.
Let’s look at some things everyone should be aware of:
Be Wary of Clicking on Links in Email
Phishing refers to any attack where an “official-looking” message is used to get information from a user. The most common form is an email message that purports to be from a boss or other authority figure asking for a password or other credentials.
Co-workers should never send out such a message, and all users should avoid clicking on any email link that purports to take them to a “login page” or help them “reset passwords.” If you are not sure a request is legitimate, call your IT services department directly.
Look Twice When Reviewing Email
A phishing attack is designed to look similar to official correspondence from your company, a bank, a government agency, or someone else important. However, these messages often have flaws: glaring typographical errors, unprofessional graphics, and so on. If an email or direct message looks like a hastily designed mockup, that’s probably what it is.
Never Share Private Information
In general, you should never share your password or other login information with anyone else. Colleagues who need to access certain data should have their own account and password – and the IT team uses special methods to review activity on your account. On the same theme, never write down a password where it could be seen or stolen from your workstation.
Always Double-Check Secure Web Pages
Of course, there will be plenty of times when you need to legitimately use your username and password. Before you do so, always check your browser for a “lock” icon. The lock indicates the data transmission is encrypted. Encrypted information is difficult or impossible for a third party to read while it moves from point A to point B. If there’s no lock, something is wrong.
Don’t Give Information to Unknowns
More and more companies are using chat applications like Slack to centralize communication among team members who may be distributed all around the world. These apps are convenient and generally secure, but it is possible to misuse them. If you get a message from an unknown party, check your application’s list of verified participants to ensure it is legitimate before responding.
Report Sudden Changes in Network or Computer Performance
Viruses and other malware attacks often begin with a sudden change in how the target computer responds. For example, it could suddenly become very slow, lock up and require a restart, or make loud noises as it accesses the hard disk insistently. If you notice a sudden, dramatic change, the safest thing is to call your IT department.
Last: Be Wary of Telephone Calls!
In rare cases, hackers have been able to get important information from users simply by calling and identifying themselves as an IT worker or senior figure from another office. In a well-run enterprise, this will never happen. Don’t fall for it.
Network Computing Architects, Inc. is a premier provider of high quality sustainable and secure networking, information security solutions and unified communications. We partner with our clients to provide answers to business initiatives where leading technologies converge.
NCA achieved ISO 27001:2005 certification in December 2007 and is currently ISO 27001:2013 certified. The scope of NCA's ISMS is client confidential information within NCA Professional Services Practice.