October is National Cybersecurity Awareness Month. Sponsored for the last 18 years by the federal Cybersecurity and Infrastructure Security Agency and the non-profit National Cyber Security Alliance, this year’s theme is “Do Your Part. #BeCyberSmart.”
The goal of the campaign is to increase awareness of ongoing online threats, including business email compromise, phishing, and ransomware. All three types of illicit activities target the inbox, attempting to trick unsuspecting computer users with fraudulent or suspicious emails. These messages try to trick the recipient into clicking a link, divulging private credentials, or approving a fake wire transfer, often capitalizing on current events or hot topics to look extra enticing.
Bad actors sometimes impersonate a known third-party vendor and ask for an invoice to be paid to a new account. Other times, cybercriminals will imitate a company’s executive (CEO or CFO, for instance), deploying a tactic called social engineering that uses personal details gleaned from the Internet to try and get into an email recipient’s good graces and request an urgent financial transaction.
No matter the method, the goal is usually the same: to steal money, steal company data, or steal sensitive information. So how can you protect your business?
Some security measures can defend your networks, your inboxes, and your systems from illicit activity. No matter how sophisticated your cybersecurity measures may be, well-trained employees can provide a critical first line of defense by following these tips:
1. Look for the most common email scams.
These can come in a variety of formats that are more common than you think: fraudulent COVID-19 alerts, fake invites to collaborate on a shared document, urgent requests to review an attached file, or even personal pleas engineered to appeal to your emotions. Once you know what to look for—suspicious sender addresses, confusing subject lines, minor errors in the body copy, missing email signatures—your alert level will heighten and you’ll find yourself catching more spam attempts.
2. Don’t open any unexpected or suspicious email attachments.
Tricking someone into opening an infected attachment is still the easiest way for hackers to gain access to a computer or device. Popular formats include PDFs that purport to be important, text files that claim to be shipping updates, or MP3s that pretend to be voicemails. NEVER open an attachment unless it’s a specific file you’re expecting from a trusted co-worker. If you do receive an attachment from a colleague that triggers even a hint of apprehension, verify the authenticity of the attachment face to face or over the phone if you can. In seconds, opening just one infected file can unleash a world of hurt on your computer—and any other networks, systems, or devices it is connected to.
3. Give every link in every email an extra look before clicking.
Sometimes, curiosity gets the best of us and we click before we think. But remember the theme of National Cybersecurity Awareness Month: “Do Your Part. #BeCyberSmart.” That includes slowing down and thinking twice before you open any URL—hover over or right-click the link(s) and look for a legitimate web address that corresponds to the one the email came from. If you see unintelligible strings of jumbled numbers or letters, use caution; instead, manually type the address of the website you’d like to visit directly into your browser.
4. Use caution with any request for personal, financial, or medical information.
This may seem obvious, but one of the biggest threats of email-based scams is their ability to use social engineering to trick users into sharing sensitive information. Be especially wary of any requests you receive via email that purport to come from someone within your own company and request passwords, birthdays, account number confirmations, or other private details. Again, if you can, verify the authenticity of the attachment face to face or over the phone.
5. Don’t count on free, web-based email accounts if you need heightened security.
Free open-source email applications like Gmail, Yahoo! Mail, and AOL offer only rudimentary security measures—and hackers will often target them first. Every company should use established business-grade solutions with secure domains and official email accounts. Reliable IT providers like CMIT Solutions of SE Wisconsin can help any business affordably and efficiently deploy a system like this that offers heightened protection against ransomware, phishing, and business email compromise.
Need help navigating the complicated world of cybersecurity? Looking to leverage enhanced knowledge about email safety to protect your business? Want more training and education for your employees? Contact CMIT Solutions of SE Wisconsin today to learn more about the proven tools we use to defend our clients.
