by Barbara Parrott McGinity, LMSW
BBB Education Foundation
Data Breach! System has been hacked! Personal information stolen! From the IRS to Chase Bank to Blue Cross Blue Shield, we are reading about security systems being infiltrated by criminal hackers every day. How can this happen? Hackers seek out weaknesses in your computer system and one of those weaknesses can be untrained personnel who mistakenly click on the wrong email.
Here is one recent email from my inbox:
Today, 3rd June, 2015. We are upgrading our email system in order for our email server to be compatible with the newer versions of software 2015 spam filter. This service creates more space and easy access to email. Please update your account by clicking on the link below. Click for Activation
CLICK HERE<http://owaadminportal.jimdo.com/> And follow the instructions on the pop-up page for upgrade
Failure for any user to do this will render his/her account inactive.
Thank you,
IT Support Desk
Another example:
Hi my name is Annabella
my resume is pdf file
I am looking forward to hearing from you
Yours faithfully
Annabella
Both of these emails demonstrate how systems are breached, they require the recipient to get more information through the click of their mouse, one has a link and the other has an attachment.
Every day, we receive numerous unsolicited emails at both work and home. Some of it from sources you have done business with or ordered products from, while others come from unknown sources. Often you give that information away by putting information into pop-up windows, handing out business cards, or responding to unsolicited emails.
A couple of weeks ago I received a very simple, seemingly innocent email:
Hi Barbara:
For us newbees can you give me the crossroads for the location of the garden sale.
Thanks.
Jan LeCates
Your first instinct might be to reply, “What garden sale?” And that is what the sender was hoping for, because this type of email is looking to confirm good email addresses which then get sold to people sending the spam. For me it was easy to hit the delete button because I knew I was not going to a garden sale and I do not know Jan LeCrates. But what would your employee do?
The National Cyber Security Alliance has a website, http://www.staysafeonline.org, that provides information for businesses on cyber security. This includes accessing your risks, protecting customers, and education tips for employees. Here is what you need to pass onto your employees:
- Keep a clean machine: Your company should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network.
- Follow good password practices: Making passwords long and strong, with a mix of uppercase and lowercase letters, numbers and symbols, along with changing them routinely and keeping them private are the easiest and most effective steps your employees can take to protect your data.
- When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email.
- Back up their work: Whether you set your employees’ computers to backup automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.
- Stay watchful and speak up: Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.
The hackers are getting better, more sophisticated, and more difficult to catch. Everyone needs to be vigilant, stay alert to cyber threats, and never assume things are as they appear. Protecting your business by taking the time to educate your employees is the best way to defeat these criminals.