Social engineering tactics are designed to obtain secure information (login, customer, patient, or corporate data) by conning a person into revealing it. Hackers’ tactics and tools are evolving quickly, but social engineering cyber criminals rely primarily on the overly trusting nature of most people. Your most valuable team player, that employee who is always willing to help, could be one of your biggest security risks. Every employee needs to be aware of the risks and the tactics that the bad guys may use.
Don’t Share Sensitive Info
Be sure your employees are aware of the value of their access. Train them in how to protect their system passwords and other important data. What might seem like innocuous company data may be pieced together by a patient yet determined cyber criminal to reveal critical information. With enough small pieces of information, the criminal may be able to access the big data. If employees are unsure whether the person on the other end of the email or phone call is authorized and entitled to the information, they should not share it.
Beware of Phishing Tactics
Phishing emails have moved beyond the classic request for help cashing in lottery winnings from a foreign country. Criminals have gotten smarter and their tactics have evolved. Train your employees to watch for emails that may contain tricks to obtain personal or professional information.
Don’t Click Unsolicited Links in Emails
Links in emails can often lead to a dangerous malware site or a virus. If an email comes from an unexpected source, or contains a link that is not known or expected, it is best to leave it alone.
Don’t Use Found or Borrowed USB Drives
USB drives (and other portable storage devices) warrant special mention. Cyber criminals may load such a drive with malware and drop it in your parking lot or somewhere in your building, hoping an unsuspecting employee will pick it up and plug it into their workstation.
Even devices borrowed from friends or coworkers can be dangerous. If portable devices are used carelessly or passed around, the chances of malware becoming attached somewhere along the line grow exponentially and the chances of finding the source of any infection are nil.
Report Anything Suspicious to IT
Anything unusual or unexpected should be reported to your IT team immediately. Train employees to know what to watch for and be sure they know what to do and who to contact if they notice or suspect anything dangerous or unusual.
Be Alarmed by Uninitiated Software Downloads
Warn employees to alert you if their computer prompts a software download without their express permission. If they click on a link or open a file that launches a download they did not expect, it must be reported right away.
Be Aware of Physical Security
Cyber (and old-fashioned) criminals can actually be onsite, observing your operations and your employees to detect any weak areas of security or lapses in procedure. Just as with suspicious online activity, employees must be aware of their surroundings and must know who to alert if they see anyone or anything suspicious or out of place.
November Security Tip
We prepare reusable monthly security tips like this to help you make employees aware of common security threats. Feel free to share this latest security tip with your colleagues. To be sure that you don’t miss next month’s tip, click here to join our email list.
Employees can be your biggest risk or your greatest defense. Be sure your employees recognize the value of the information at their disposal. Train them to be aware of potential areas of exposure and to know how to respond.
Training employees to follow security best practices is not a one-time or once-a-year exercise. Ongoing training and reminders are critical to keeping their responsibility top of mind and helping them to stay alert to potential risks and dangers. Share this month’s security tip to remind employees to stay alert.