Many security threats today enter the organization through email and are enabled by end users without their knowledge. Whether you are an executive, an IT resource, or a concerned employee, educating yourself and your peers on what to look for in emails may be the single most important step you can take in safeguarding sensitive data.
Remember: getting hacked or falling for a phishing scam can have a broad impact. Organizations often take tangible damages like financial losses and theft of intellectual property into consideration, but fail to consider the residual effects of a compromised reputation. It is nearly impossible to quantify the effect of potential customers not trusting your brand. So it begs the question: what can you do?
- Watch for bad spelling and grammar
It is not uncommon for phishing scams and malicious threats to originate in countries where English is not the first language. Misspelled words and poor grammar should be considered red flags. Do not respond to these emails or forward them – delete the messages immediately and notify your internal IT resource or managed service provider of suspicious activity.
- Never respond to emails or pop-up messages asking for personal information
A general rule of thumb: NEVER PROVIDE PERSONAL INFORMATION OVER EMAIL. Hackers will impersonate trusted sites like your financial institution or healthcare provider to solicit personal information over email. A legitimate organization, however, will request that you visit their secure website to enter your information. Always use caution when providing information that could be used to ill effect if it falls into the wrong hands.
- Beware of phishing attacks from sites generally deemed safe
These attacks will look like they came from websites you use every day (like Facebook, eBay, LinkedIn, Amazon, etc.). Typically, they will mention that there is an issue with your account and will ask that you provide your username and password or direct you to a link to input your information. Instead of using the email, go directly to the website in question to see if there are issues with your account.
- Don’t click on links or unsolicited attachments provided in emails
Unless you are expecting to receive a link or attachment from a trusted source, try to avoid opening them in emails. Attachments can contain executable files that install malware when opened, and that malware can spread across the network. Beware of messages from shipping services like UPS or FedEx that provide a link to a tracking number. If you haven’t ordered anything recently, chances are high it is a phishing scam!
In summary, be smart. Follow these four rules and you’ll probably have no problem. But if you slip up and believe you have been subjected to a security threat – tell your IT resource as soon as possible. The sooner you can notify your team of any potential exposures to cybersecurity threats, the better!