The threat of cybercrime has created a significant increase in the number of measures companies are taking to improve their security posture. Organizations are spending billions of dollars to protect themselves against a fast-evolving array of current and potential future threats. Many spend heavily on monitoring, surveillance, and software; however, they often neglect the risk exposure created by their own people – and, in this digital age, by their clients.
Organizations need to work continuously to evolve the security of their processes, systems, and infrastructure. However, your organization must maintain focus on the most important aspect.
Security Awareness of Every Team Member in Your Organization
Why is this important? Most often, a security breach is created by exposing an organization’s weakest link, an uninformed individual. There are several tactics being utilized by malicious attackers that take advantage of an employee to gain access to protected information.
Here we will again discuss one of the most common attack methods and what you can do to ensure you are never a victim.
Acquisition of knowledge through a phishing attempt:
Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as account numbers, Social Security numbers, or your login IDs and passwords. Scammers use your information to steal protected information and/or access systems maliciously.
Scammers also use phishing emails to get access to your computer or network and install programs like ransomware or viruses/malware that can lock you out of important files on your computer and/or network.
Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies. Or they pretend to be a friend or family member.
Phishing scammers make it seem like they need your information or someone else’s, quickly – or something bad will happen. They tell lies to get you to give them information.
DO NOT BECOME A VICTIM OF A PHISHING ATTEMPT!!!
What can you do to protect yourself?
- Do NOT share your user ID(s) and/or password(s) with ANYONE. (Passwords should not be requested by or shared with coworkers and/or supervisors.)
- Do NOT use another person’s email account, network account, etc. for your own use. This is a gross violation of Security Policy.
- Before entering your user ID and password, make sure no one is watching you and “shoulder surfing”.
- Before using your user ID and password on a third-party computer, make sure the computer is well protected and free of trojans or key logging programs.
- Never open any files or macros attached to an e-mail from an unknown, suspicious, or untrustworthy source.
- Never open any files or macros attached to an e-mail from a known source (even a coworker) if you were not expecting a specific attachment from that source.
- Be suspicious of e-mail messages containing links to unknown Web sites. It is possible that the link points to a malicious executable (.exe) file rather than a Web page. Do not click on a link sent to you if you were not expecting a specific link.
- Files with the following filename extensions are blocked by the e-mail system: .exe, .zip, .com, .dll, .msi. If an employee expects to receive a file with an .exe or .zip extension, it is suggested they contact the sender and have the file sent with the extension of .tst. Once the file is received, the recipient can rename the file with the .exe or .zip extension.
- Never copy, download, or install files from unknown, suspicious, or untrustworthy sources or removable media.
- Avoid direct disk sharing with read/write access. Always scan any disc for viruses before using it.
- If instructed to delete e-mail messages believed to contain a virus, be sure to also delete the message from your Deleted Items or Trash folder.
- If an employee receives what he/she believes to be a virus, or suspects that a computer is infected with a virus, it must be immediately reported to the helpdesk by calling 936-559-2206 and providing information requested by the technician regarding the infected station/device. Report the following as a minimum (if known): virus name, extent of infection, source of virus, and potential recipients of infected material.
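The attachment and link checks in the list above can also be run mechanically over a message before it is opened. The following is an added example, not part of the original bulletin or of the e-mail system it describes: it flags attachments and link targets that carry one of the blocked extensions. The function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Extensions the bulletin lists as blocked by the e-mail system.
BLOCKED = {".exe", ".zip", ".com", ".dll", ".msi"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Constructed sample message (addresses, names and payload are made up).
SAMPLE = """\
From: billing@example.test
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review: http://files.example.test/docs/Invoice.PDF.exe?id=7
Policy page: https://intranet.example.test/security.html
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Report.pdf.EXE"

Y29uc3RydWN0ZWQ=
--b1--
"""

def blocked_ext(name):
    """Return the first blocked extension in a file name, or None."""
    # Windows drops trailing dots/spaces; every component is checked so
    # "report.pdf.exe" and "setup.exe.txt" are both caught (deliberately strict).
    parts = name.lower().rstrip(". ").split(".")[1:]
    return next(("." + p for p in parts if "." + p in BLOCKED), None)

def scan(raw):
    """Return (kind, value, extension) for each flagged attachment or link."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        name, items = part.get_filename(), []
        if name:
            items = [("attachment", name, name)]
        elif part.get_content_maintype() == "text":
            # Judge a link by the last segment of its path, not its host name.
            items = [("link", u, urlparse(u).path.rsplit("/", 1)[-1])
                     for u in URL_RE.findall(part.get_content())]
        found += [(k, v, blocked_ext(n)) for k, v, n in items if blocked_ext(n)]
    return found

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A check based on names alone sees only the extension a file or link presents, so it supplements the habits in the list above and does not replace them.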