Cybersecurity Awareness and Email Safety
Learn to protect yourself and your organization by becoming cybersecurity aware when you receive emails or while surfing the Internet.
The following are common terms that you need to know:
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
Spear Phishing is an email that appears to be from an individual or business that you know. But it isn’t. It’s from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC.
Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files (e.g., CryptoLocker, CryptoWall and TeslaCrypt).
Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software.
Phishing, Spear Phishing, Ransomware and Malware are real cybersecurity threats to us all, be it in the office or at home. The objectives of hackers are to:
(a) Trick you into disclosing your personal information, such as the password to your email, banking, and social media accounts;
(b) Trick you into performing an action, such as transferring sums of money and/or sending confidential information to an unknown party; and
(c) Cause you extreme inconvenience (to the point of business disruption) when all your work and/or personal documents are encrypted, only to be recoverable if you pay a ransom to the syndicate.
What can you do to avoid being a victim of Phishing, Spear Phishing, Ransomware and Malware?
1. Do not respond to unusual requests (requests that are out of the norm). A common tactic is a phishing email sent to an employee by someone pretending to be Senior Management, asking for: (i) a file containing confidential information, (ii) a favor because the sender is in distress, or (iii) payment to an unknown account/vendor. If you receive such requests, kindly inform your supervisor or your IT Security Team.
2. Don’t disclose your personal information, login IDs or passwords. You should know by now that organizations will never ask you to disclose your login ID and password. So, the next time you receive an email telling you to click on a link to re-validate your office or bank account details, DON’T! If you have to change your password, do so by going directly to the organization’s website (not through the link in the email).
3. A good habit to cultivate when replying to any email is to check and make sure that you are replying to the correct person with the correct email address.
4. Be careful when clicking on links or opening attachments sent to you from unknown or untrusted sources. These links or attachments can contain nasty malware that will harm the computer and render your data unrecoverable.
5. Do not install any unauthorized or unfamiliar software on your computer, as some software contains unwanted software (adware, spyware, etc.). For company computers, you shall seek permission from IT to help you install the software; proof of a valid software license is required. Furthermore, do not use company computers to play games (e.g., Counter-Strike) or to download copyrighted materials (e.g., movies).
6. Lastly, get educated by being cybersecurity smart through the following resources: