People are not the weakest link in cybersecurity, so let’s stop calling them this. An organization’s people are, in fact, its strongest first line of defense. From the workstations and mobile phones they use eight hours a day, employees can recognize and thwart many of the most common attacks — they just need the knowledge to do so. Today, many organizations recognize this and are making a cultural shift to bring security into everyone’s job description, training and empowering them to be the best cyber guardians they can be.
For National Cyber Security Awareness Month 2016, Stroz Friedberg is helping organizations do just that by producing educational materials that can be used to emphasize the best practices of cybersecurity. We’re kicking off the month with this post: six ways users can defend their employer from cyberattacks.
Six Ways You Can Strengthen Cybersecurity
1. Identify suspicious emails. One of the most common ways cyber attackers break into company networks is by sending emails purporting to be from trusted sources (a practice known as spoofing). This scam is a type of social engineering attack called phishing because it relies upon the recipient of the email taking some action on their end (taking the bait). The way a phishing scam works is the attacker sends you an email, seemingly from a colleague or business you’re familiar with, and encourages you to click on a link, download an attachment, or confirm your password or other credentials. When you do, the attacker makes bank by capturing your password for future, illicit use or by downloading malware onto your machine to gain an initial foothold into your company’s environment for further exploitation.
To recognize suspicious emails:
- Look for a sense of urgency in the message and language that doesn’t match the sender, including misspellings and grammatical mistakes.
- Check to see if the sender’s name and email address is misspelled.
- Hover over included links (without clicking) to see if the linked address matches the expected destination.
Whenever possible, don’t open the email. View it in the preview window.
If you doubt the authenticity of the email, do not reply to it. If you reply and ask an attacker if an email is legit, they will say yes. Instead, pick up the phone and call the sender or open a new email to the sender to get confirmation outside of the original suspicious email thread.
If you still believe the email is suspicious, contact your IT/IS department.
2. Do not re-use passwords. Even if you have the longest, most complex password on earth, do not use it for all of your accounts. If you do, you’re putting yourself and your company at risk as evidenced in the 2012 compromise of LinkedIn where attackers accessed millions of user passwords. Criminals are still using these passwords today to gain access to user accounts on other sites where their passwords were re-used. For help managing all of your unique passwords, use a password management service recommended by IT/IS.
3. Always maintain physical control of your devices. Cyber attackers don’t only steal information remotely, through phishing attacks and malware. They also do it by gaining physical access to devices. Therefore it’s essential to keep control of your devices in public places.
- Encrypt data on thumb drives and keep track of them. As thumb drives get smaller and smaller, they are more easily lost as they can easily fall out of your pocket or bag.
- Make sure you have your cell phone before leaving a taxi cab or other form of public transportation.
- Do not put your computer in the overhead bin of an airplane.
- If you lose or misplace your equipment, contact your IT/IS department immediately.
4. Only accept thumb drives from trusted sources. A thumb drive can load malware onto your computer as soon as you plug it in. Do not trust thumb drives handed out at conferences or dropped into swag bags. Do not plug in a thumb drive found in a common area or parking lot. In the best case scenario, use thumb drives straight out of the blister pack.
5. Recognize the warning signs of an attack. You are on your computer at least eight hours a day. You are in a powerful position to spot an attack.
Evidence of an attack:
- Unfamiliar pop-ups. When a pop-up shows up, do not just click “next, next, finish” — read it. Some attackers use malware that tries to masquerade as legit programs that wouldn’t typically raise suspicion with users such as anti-virus alerts. If something appears on your screen from software you aren’t familiar with — for example, if it’s from McAfee and your company only uses Symantec — do not click. Take a screen shot of it for IT/IS and get guidance from them. It may be that they’re rolling out a new tool but it could be something more nefarious.
- Your mouse is moving, and you’re not controlling it.
- Your computer is suddenly running very slowly.
- Any unusual behavior from your machine.
If you believe your machine has been compromised, contact IT/IS immediately. The more quickly an attack is discovered, the less damage an attacker can do.
6. Suspect an intrusion? Don’t shut down. Unplug from the network and call IT/IS.
If you shut down your machine, you risk deleting important evidence, such as the attacker’s IP address or encryption keys. Instead, unplug from the network and call your IT/IS team immediately.
Over time, these workplace behaviors should become as second nature as locking your front door. We all do basic things to protect ourselves on a daily basis, and these are some of the things that we need to do in our everexpanding digital world.