CyberSecurity Employee Training

Let cybersecurity consulting ops share some important points with you about employee awareness training. Let’s start with phishing. If someone wanted to catch their seafood dinner, they would set some baked out of the hook, cast it into the wide ocean, and hope that they could trick a fish into biting what it thinks is just something to eat. If someone wants to distribute malware or steal personal information, they might send out an email with bait that looks like something worth wild and then
Tested to a wide audience intentionally deceiving people by posing as a legitimate company, service or individual criminals typically utilize email to pretend to be a company or service requests that you do something usually urgently. They’re hoping that you then click the link and fill out the requested information. Once they have this information, they may be able to use it in the future to steal your identity or access your accounts.
An even more direct and targeted method is called spear phishing. Instead of going after many victims for a small reward, the criminal goes after an individual or a small number of high-value victims. This method uses information tied to your company or you personally from research on social media or elsewhere. Email addresses and links look very close to a colleague or business partner and corporate and partner logos are often used to look authentic.
The goal is typically to get access to a system by gathering your credentials or installing malware on your computer. So what should you be looking out for? With phishing emails? Well, first look at the center. Is it actually who it claims to be? It may say it’s from PayPal. But when you look at the domain name, the part after the symbol, it has nothing to do with PayPal at all. Another tell is grammatical or spelling errors contained in the email.
And finally, if you mouse over the content link at the bottom, you’ll notice that it does not say PayPal dot com. These tell reveal that this email is not from the papal. Usually, the tells are fairly easy to spot when you know what to look for. But sometimes they’re much more subtle, maybe only off by a letter or two or just inverted. The safest practice is to never click on a link in an email but instead to go directly to the site
By typing in the URL clicking on the link in your favorites or performing a search for the organization or some of the top tips to avoid phishing is to check who the email sender is shocking. The email for grammar and spelling mistakes. No mouse over the link to see where it goes to. If you are ever and all unsure. Do not click the link instead, manually type in the company’s You are
Well in your browser. Contact your security team if you’re unsure at all about an email
Email attachments. Everyone knows better than to open the door to a suspicious stranger with a bag and let them inside. But this is a very common occurrence in the digital world.
Email attachments are one of the most common ways to get infected with malware. You must avoid opening an attachment. If you don’t know when an email is coming from, even though it may look like an excel file. Pdf an image or something else. It may be malicious. A downloaded attachment can sometimes immediately infect your computer.
Or may execute a macro after opening a document such as Word or excel, your IT department may put rules in place to keep certain types of attachments from being sent or received. But even if so, be sure to always be cautious before opening anything and let your eye department know if you think you received
A sketchy email be cautious. Also, with attachments from people, you do know, Check the address of the sender to make sure it’s who it says it is. And not someone Impersonating that even if it is from the correct address, their email could have been hacked and used to trick you into opening something malicious. If the email seems fishy or isn’t typical of them, do not open the attachment When in doubt, connect with your IT security team or follow other company policies.
These are for suspicious emails and call or text the center and ask if they sent the email. If they did not let them know they should change their email, password, and security questions because they were probably breached. Let’s review the top tips for email attachments never open or save attachments.
From an unknown sender. Even when an email comes from someone you trust if it looks fishy, don’t open or save the attachment. Let your department know if you receive a suspicious email.
As you are obnoxiously aware everyone gets spam. Even with the best protection. Some spam emails still slip through the cracks, but you can use applications or extra levels of defense that can help.
When it comes to spam emails never opened them. Even if you think the subject line is funny or useful, and you want to see the content inside. The reason for this is many times these spam providers have read receipts on the email they sent. This means they know how many people open their emails and which email addresses open their emails. They also know that your email address is legitimate.
And there is a person who is actively checking that email address by opening their spam email. You’ve just told the spammers to send this person even more spam. The same thing goes with responding to spam emails. You’re letting them know you exist and that you are a real person. Initially, they’ll send out spam too. Every email address they can think of computers randomly generate email addresses is not knowing whether an email address is valid or not.
They’re testing the waters and seeing where they get bites. Also, be very careful when using your email address to sign up for contests or enter websites. Often when someone is offering something for free or request your email address for something we’re going to sell that email address to marketing and other companies to make money, which results in even more spam when posting your email to a public website, such as a classified website always add special breaks in your email.
Address. Don’t write out your email address with the proper at a sign or the proper period symbol because you don’t want that link to be easily copied and pasted or clicked on spam bots are trolling the Internet looking for email addresses to send spam, too, And changing to this format prevents them from easily collecting your address. But humans reading that email address can still understand it perfectly.
The top tips for spam protection. We use a third-party spam blocker. Never click open or respond to spam messages when posting an email to classified sites use the following format to keep spam bots from retrieving and using your address.
Can these answers be found on your Facebook account or other social media accounts? Things like in what city? Did you grow up? What’s your dog’s name? What high school did you attend? What’s your favorite book? What’s your dream job? What’s your mother’s maiden?
Name. It’s very risky to post this information on social media because of security questions. Security questions exist. I’m just about every website that requires a user name and a password. So for instants, there’s something like this looks familiar. It asks you to first enter your birthday. Then it asks you for the answers to your security questions such as those I just mentioned.
These are things that friends know that family members know and that anyone who is a social media connection can likely find out. Typically, users are very honest when it comes to security questions whenever it asks for their mother’s maiden name, they enter their mother’s maiden name. Whenever they ask for their pet’s name. They enter their pet’s name. Malicious parties can utilize your social media account to find the answers to these questions, which then allows them to reset your password.
This is especially a concern. When people’s Facebook, Twitter, or other accounts are public. Anyone can search the Internet. Find your account, then view the information on that account. The best practice is to not be honest. When filling out these questions. Just treat the security questions as another password field. If it asked you for your pet’s name, don’t enter your pet’s name and do something completely unrelated. If it asks for your mother’s maiden name, do the same thing and do something completely unrelated. Now you don’t have
That security concerns of giving strangers answers to these questions.
Poor password. Hygiene is another security risk. Typically, people use the same password across all websites. Passwords Canal be a gateway into identity theft. That’s because everything that we do and nowadays is on the Internet banking is done on the Internet. Social media accounts are on the Internet email and almost everything else. Once people gain access to your passwords. They can ruin your life by changing them sending emails to people and accessing accounts. You
Don’t want them to access.
So what kind of things indicate poor password Hygiene. First, you have to create a complicated password based on a website’s requirements. Because the password is kind of complicated. You have trouble remembering it. So you write it down on a sticky note and slip it under your keyboard. Or you might have an excel document on your computer with all of your passwords. You may not realize that if somebody walks by your desk, they can see where your passwords are. Or if someone steals your computer. They have
Access to all of your passwords as well. Also, chances are you’ve used the same password on your email, banking, or social media accounts.
Additionally, freely share ink passwords with friends, family members, and colleagues may not seem like a problem because you may think they’re never going to use it in any sort of malicious way. But you can never be sure.
When it comes to passwords and password complexity. This is what users typically do. If it’s an eight-character password they put in something like elephant If it requires a number. They just tossed a number on the end of their core password. If a symbol is required, they put a symbol than an exclamation point on the end. Then the capitalize a letter
So if you notice these passwords aren’t getting any more complicated. If I knew your password was an elephant that I could go to a website, see what requirements it says are needed for a strong password on this site, then toss in a number or a symbol. If that’s what’s required. It makes it much easier to find out what your password is. If you follow this process
Often to help avoid data breaches. Some passwords are required to change every 90 days because some people don’t understand why they have to do this. They see this as an annoyance, and they end up just changing the number and the symbol at the end. Then they go to the next button on the keyword because it helps them remember their passwords. Once again, you have that core password that is never changing at all.
But after your password is stolen, it’s very simple for people to try all of the alternative options of the password. So for instants, if a data breach happened, and the password that was stolen was an elephant, they would go to a website. Maybe Facebook, maybe your email and look to see what requirements to have for making a password for instants. If a website requires eight characters and a symbol, there are only 32 symbols on the keyboard, so it would take a human five or so minutes to go ahead and crack.
That password by trying all of the different options. Computers can carry out these tasks in fractions of a second, except instead of trying one website. They’re trying hundreds of websites all at the same time, trying that password that was just stolen and all of the different variations on that password, numbers, symbols, and so forth, So it becomes very easy to take over all of your accounts if just one is compromised.
So how do you help yourself to remember passwords or to create strong passwords? There are lots of password managers out there that will help you create a strong password, and we’ll even auto-fill your passwords into your Web browser. So whenever you start a new Web session, it will ask you to enter your masterpiece word which is something you should keep very complicated and you should never tell anyone. Then once you enter that masterpiece word If you go into any website that requires a user name and password, it will
Automatically be completed for you. So now you have one masterpiece word, But every website on the Internet will have its unique password. If at any point of website or account is compromised. You don’t have to go and change hundreds of websites, passwords. You just have to go change the one place where it was compromised. It saves you time, and it makes things much safer.
A great resource to know about when it comes to data breaches and passwords that are out there is what I like to call a password hygiene checkup.