Train employees to become the first line of defense in the network security risk prevention infrastructure. First, remind them to physically protect devices by not leaving them unattended or in unsecured areas, including locked cars. Focus training on identifying the types of malware they may encounter and how to escalate suspected attempts to the IT professionals for resolution. Use a catchy slogan, like “think before you click,” to create engagement and promote awareness.
Here are some simple training tips:
- Be skeptical of any email, web page, or social media post that appears to be even remotely suspicious, makes an offer that is too good to be true, or contains strange information.
- Ask questions. Ask these questions when viewing emails:
  - Do you recognize the sender’s email address?
  - Do you recognize anyone else copied on the email?
  - Are others in the email seemingly from a random group of people or do their last names all begin with the same letter?
  - Is the domain in the email address spelled correctly, or is it simply close to the actual URL (e.g., bankofamerica.com vs. bankofarnerica.com)?
  - Would you normally receive an email from this individual or organization?
  - Does the subject line make sense?
  - Is the email a “response” to an email you never sent (e.g., does it begin with “re:”)?
  - Does the email contain an attachment that does not make sense in the context of the email or sender?
  - Does the attachment end in “.exe,” “.zip,” or some other possibly dangerous attachment type?
  - Did you receive an email at an unusual time, such as 3 a.m. on a Sunday?
  - Is the sender asking you to keep the contents of this email or requests within it a secret?
  - Does the email contain spelling or grammatical errors?
  - Is there even a hint of extortion in the email, such as a request to look at compromising or embarrassing photos of you or someone else?
- Review quarantined messages carefully before bringing them out of quarantine. Most anti-spam solutions capture phishing emails correctly.
- Don’t click on a link in an email or open an attachment until you are certain it is valid.
- Never use USB flash drives from unknown sources.
- Set strong passwords. Change passwords regularly.
- Use password protection on every electronic and mobile device.
- Intentionally use wrong information for security questions.
- Keep security software up to date on personal devices.
- For mobile devices:
  - Disable auto usernames and passwords. This reduces the risk of having personal data accessed if the device is lost or stolen.
  - Know how to wipe your data if your device is lost or stolen.
  - Be careful when using public Wi-Fi networks, especially with insecure networks that do not require a password.
  - Use safe stores for downloading mobile applications.
- For social media:
  - Don’t overshare personal information on social media.
  - Turn off location services.
  - Be careful when clicking on, liking, or sharing links.
Source: ThinkHR