Phishing: Don’t get reeled in!
Employees are frequently exposed to sophisticated phishing attacks, and in today’s hectic world it is easy to miss a security threat. A single click on a phishing link can have devastating effects on your business. It is good practice to regularly remind yourself and your employees what to look out for, to stay cautious, and to think before you click. To help keep your team informed and alert, here are some common phishing red flags to watch out for:
- Forceful or faked urgency, designed to make you respond before you think
- An offer of a prize or reward to tempt you into clicking a link
- A request for your password or other confidential data “for security purposes” (a legitimate IT team will never ask for your password by email)
- Website addresses that are similar to, but not the same as, the real thing, for example www.gØØgle.com instead of www.google.com (letters swapped for lookalike characters) or www.twiter.com instead of www.twitter.com (a letter dropped)
- “Masked” links whose visible text looks like a trusted website address but whose real destination is somewhere else when you click
- Top tip — hovering over a link (or pressing and holding it on a phone) shows the actual address before you click; if it differs from the text shown, don’t click
- Emails that appear to come from a senior employee at your organization; the display name is easy to fake, so check the actual sender address
- Poor spelling and/or unusual grammar
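The two link-related red flags above (lookalike domains and masked links) are mechanical enough to check automatically before a user ever hovers. The following script is an added example written for this page, not code from the original tip sheet: it parses the anchors out of an HTML email body, reports any link whose visible text names a different host than its real `href`, and flags hosts that imitate a trusted brand either through lookalike characters (gØØgle, g00gle) or a one-letter typo (twiter). The sample email, the `TRUSTED_DOMAINS` allow-list and the small `CONFUSABLES` table are all constructed for the example.

```python
import re
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (not a real message): three links, two of
# them suspicious in exactly the ways the red-flag list describes.
SAMPLE_HTML = """
<p>Your account will be locked in 24 hours unless you verify it now:
<a href="http://login.g00gle.com.example/verify">https://accounts.google.com/</a></p>
<p>Reset your Twitter password: <a href="https://www.twiter.com/reset">www.twitter.com</a></p>
<p>Read the docs: <a href="https://docs.python.org/3/">docs.python.org</a></p>
"""

# Assumed allow-list of brands the organisation actually deals with.
TRUSTED_DOMAINS = ["google.com", "twitter.com", "python.org"]

# Characters commonly swapped for the letters they resemble (a hand-picked
# subset for the example; real confusable tables are far larger).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "ø": "o", "ı": "i"}


def normalize_host(host: str) -> str:
    """Lower-case the host, strip accents, and map lookalike characters to ASCII."""
    decomposed = unicodedata.normalize("NFKD", host.lower())
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in stripped)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typosquats such as 'twiter' for 'twitter'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted(host: str, trusted) -> bool:
    """True when host is a trusted domain or a subdomain of one."""
    host = host.lower()
    return any(host == t or host.endswith("." + t) for t in trusted)


def lookalike_of(host: str, trusted):
    """Return the trusted domain `host` imitates, or None if it is genuine or unrelated.

    A host is a lookalike when it is NOT under a trusted domain, yet one of its
    labels, after confusable normalisation, equals a trusted brand name or is
    within one edit of it.
    """
    if is_trusted(host, trusted):
        return None
    labels = normalize_host(host).split(".")
    for t in trusted:
        brand = t.split(".")[0]
        for label in labels:
            if label == brand or (len(brand) >= 5 and levenshtein(label, brand) <= 1):
                return t
    return None


def host_of(text: str):
    """Hostname of a URL or bare 'www.example.com' string; None if not URL-like."""
    text = text.strip()
    if not text or re.search(r"\s", text):
        return None
    if "://" not in text:
        text = "http://" + text
    try:
        host = urlparse(text).hostname
    except ValueError:
        return None
    return host if host and "." in host else None


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a href=...> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._in_anchor = False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href is not None:
                self.links.append([href, ""])
                self._in_anchor = True

    def handle_data(self, data):
        if self._in_anchor and self.links:
            self.links[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_anchor = False


def audit_links(html: str, trusted):
    """Return (href, visible text, findings) for every anchor; findings is empty when clean."""
    parser = LinkExtractor()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        findings = []
        real_host, shown_host = host_of(href), host_of(text)
        if real_host and shown_host and real_host.lower() != shown_host.lower():
            findings.append(f"masked link: text shows {shown_host} but href goes to {real_host}")
        if real_host:
            target = lookalike_of(real_host, trusted)
            if target:
                findings.append(f"lookalike domain: {real_host} imitates {target}")
        report.append((href, text.strip(), findings))
    return report


if __name__ == "__main__":
    for href, text, findings in audit_links(SAMPLE_HTML, TRUSTED_DOMAINS):
        print(f"{text!r} -> {href}")
        for f in findings:
            print("   !!", f)
```

The registrable-domain logic is deliberately simple (no public-suffix list), so treat a hit as a reason to hover and look, not as proof of phishing; conversely a clean result only means the link is not one of these two tricks.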
Next, let’s roll out the password red carpet
Your password is your first line of defense against attackers, so make sure it gets the attention it deserves, and review your password policies and requirements regularly.
Strong passwords:
- Are at least 14 characters long
- Are a phrase, not a single word, e.g. “I lØve my P4sswØrd!”
- Contain upper and lower case characters and punctuation
- Are not single words in any language, slang or dialect
- Are not based on personal information, names of family members, etc.
Weak passwords:
- Contain fewer than 10 characters
- Can be found in a dictionary (in any language)
- Are predictable: names of family, pets, friends, birthdays, etc.
- Use word or number patterns (say no to Fibonacci!)
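The rules above can be turned into a policy check that tells a user which rule a candidate breaks instead of just rejecting it. The script below is an added example written for this page, not code from the original tip sheet. It implements each listed rule: minimum length, multi-word phrase, mixed case plus punctuation, not a dictionary word (including leet-speak spellings such as P4ssw0rd), no personal terms, and no digit, alphabet, keyboard or Fibonacci sequences. The `COMMON_WORDS` set stands in for a real wordlist and the `personal_terms` argument for whatever the caller knows about the user; both are assumptions of the example.

```python
import re
import string

# Constructed stand-in for a real dictionary / breached-password list
# (assumption; use a full wordlist in production).
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "letmein", "football", "monkey", "qwerty"}

# Sequences the weak-password list warns about: digit runs, alphabet runs,
# keyboard rows, and the Fibonacci digits (1 1 2 3 5 8 13 21 34).
SEQUENCES = [
    "0123456789",
    "abcdefghijklmnopqrstuvwxyz",
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "112358132134",
]

# Undo the usual leet substitutions so 'P4ssw0rd' is still recognised as 'password'.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "8": "b", "$": "s", "@": "a", "ø": "o"})


def has_pattern(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` consecutive chars of a known sequence (either
    direction) or the same character repeated four or more times."""
    low = pw.lower()
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            chunk = seq[i:i + run]
            if chunk in low or chunk[::-1] in low:
                return True
    return re.search(r"(.)\1{3,}", pw) is not None


def word_count(s: str) -> int:
    """Number of alphabetic runs; a phrase has at least two."""
    return len(re.findall(r"[a-z]+", s))


def check_password(pw: str, personal_terms=()) -> list:
    """Return the policy rules the candidate fails; an empty list means it passes."""
    failures = []
    low = pw.lower()
    normalized = low.translate(LEET)

    if len(pw) < 14:
        failures.append("shorter than 14 characters")
    # Take the lower of the two counts so leet digits cannot fake word breaks.
    if min(word_count(low), word_count(normalized)) < 2:
        failures.append("not a multi-word phrase")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        failures.append("missing mixed case")
    if not any(c in string.punctuation for c in pw):
        failures.append("missing punctuation")
    for candidate in (low, normalized):
        if re.sub(r"[^a-z]", "", candidate) in COMMON_WORDS:
            failures.append("is a dictionary word (possibly with digits or leet-speak)")
            break
    for term in personal_terms:
        if term.lower() in low or term.lower() in normalized:
            failures.append(f"contains personal information: {term}")
    if has_pattern(pw):
        failures.append("contains a predictable sequence or repeated character")
    return failures


if __name__ == "__main__":
    for candidate in ["I lØve my P4sswØrd!", "Welcome1234!!!", "P4ssw0rd!", "Fib 11235813 Rocks!"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

Run it against the page’s own example phrase and it passes every rule, while “Welcome1234!!!” is long enough and has mixed case and punctuation yet still fails three rules, which is the point of reporting reasons rather than a single yes/no.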
And, last but not least, social media. There are many social media risks for businesses, ranging from compliance violations to reputation loss and everything in between. Social media is a great tool for staying in touch with friends and family, but keep in mind that it isn’t truly private, and follow these tips:
- If you wouldn’t say it in person, don’t say it online
- Don’t put up any work information or sensitive personal details
- Lock down your privacy settings so only people you know and trust can see your posts
- Log out when you’re finished (If you lose your device your accounts can’t be easily accessed)
- Use different passwords for each of your accounts (e.g. Facebook, Twitter)
Download a poster of this tip sheet to print and share with employees.
If you need help navigating cybersecurity best practices, phishing attacks, policies, and solutions at your workplace, give us a call. Our team of security experts is here to assist you!