It’s Everyone’s Job to Ensure Online Safety at Work

As part of our effort to support National Cyber Security Awareness Month I wanted to provide information on the need for everyone within a business to be aware of their role in keeping the organization safe from cyber attacks.  Let’s discuss some of the areas where we see existing organizations employees may be lacking in their efforts:

1. Email Security – Email is by far the biggest threat to organizations and their employees still today. Cybercriminals are inherently lazy and don’t want to have to exert a lot of effort in creating attacks. Also, email is still the predominate communication tool used by businesses. That is why we continue to see email being abused and used by threat actors. One of the challenges is the authenticity of socially engineered emails today makes it difficult for employees to identify them as malicious. A few things that they can do:

  • Check the domain the email is coming from. Many times these are spoofed domains to look similar to the legitimate one. So look closely at the from address.
  • If there are any embedded URLs, hover the mouse over them to see if the URL matches what is used within the email message. For example, the company domain sending the email message may not be the same domain used in the URL.
  • Check the message itself, if it is urgently trying to get you to open the attachment or click on the URL, it may be suspicious
  • Save any attachments and scan them versus simply opening them from within the email message

2. Web Security – The web is the next way many employees and organizations get compromised. Many threat actors will use popular websites or advertisements within webpages to infect users. Phishing webpages are very popular right now as cybercriminals look to steal user login credentials for popular applications. A few things users can do:

  • If you receive a pop-up login page you weren’t expecting, be wary of it and don’t log in. Use a bookmarked page you’ve saved instead.
  • Be wary of advertisements as many threat actors use malvertisements to infect users.
  • Make sure your system or organization has web filtering in place to block access to malicious sites and pages.
  • Use bookmarked sites as much as possible or type in the URL versus clicking on a link within an email or text message.

3. Training Employees – Many organizations are seeing improved security when they make an investment in training their employees around cybersecurity. This needs to be continuous training both new employees and long term employees since the threat landscape changes quite frequently. This can be done with regular video training on how threats work or using a phishing simulation program that regularly tests employees clicking on phishing emails crafted by the organization. Another thing organizations can do is create a standard email address where employees can submit suspicious emails to IT. The only thing with this, the organization needs to ensure a fast response to the users to show them that they will be alerted if one is in fact malicious.

All employees need to remember that they could at any time be the subject of an attack. Many employees may think they won’t be targeted, but threat actors are persistent and if they cannot get an employee to take their bait, they will try others until one happens to fall for their socially engineered attack. Organizations, especially small businesses need to remember this too, they will be targeted at some point.

Threat actors and cybercriminals continue to target organizations and their employees around the world and this means everyone within an organization needs to be rigorous in examining their online actions to ensure they try to stay safe. But Trend Micro also knows that we need to do more and so we continue to invest in newer technologies to protect our customers against the threats targeting them as we look to make the world safe for exchanging digital information.

Read More HERE