Tuesday, January 16, 2018

STAFF PLEASE READ: Social Engineering Attack Prevention Tips

  • Never allow anyone to take control of your computer unless you verify in person that the individual is allowed access!
    Cyber criminals will contact staff impersonating Microsoft, Comcast, or other vendors claiming that your organization has been hacked and directing the employee where to go on their computer to fix the problem.  Don't do it.  You may be inadvertently installing a virus that will give them access to your computer or system.
  • Never email sensitive documents to anyone without first verifying on the phone that the request is legitimate.  Cyber criminals can send emails that appear to be legitimately from superiors, like the superintendent.  These emails will request information like health insurance data, W2 forms, account numbers and financial wire transfer codes.  Never send this type of information without picking up the phone and verifying the request!
  • Never give out your password to anyone!  And change it frequently on important accounts.  There is no legitimate business reason to share your password.  Customer service staff, who assist with account access, can reset passwords or direct you to a self-service password reset.
  • Cyber criminals are pretending to be contractors and vendors who have changed their bank account numbers.  They will send your accounting department realistic emails that appear legitimate, with an explanation that the contractor/vendor has changed bank accounts or wire transfer accounts.  The request is fake and money will go directly to the cyber criminal.  Pick up the phone.  Call and verify!
  • Conduct regular trainings on cyber security.  Experts recommend "people patching" or reserving a portion of your budget to fund employee cybersecurity training.  They explain that it is important to invest in hardening employee skills and keeping them abreast of new breaches and attack vectors. [3]  As a member of SDIS, your entity has access to online training through SafePersonnel.  They offer training on a variety of subjects including Cybersecurity Overview, Email and Messaging Safety, Password Security Basics and Protection Against Malware.
  • Individuals should strongly consider signing up for a credit and dark-web monitoring service.

1. Perrin, Chad. "Mitigating the social engineering threat." Tech Republic, CBS Interactive, April 21, 2010, https://www.techrepublic.com/blog/it-security/mitigating-the-social-engineering-threat/
2. Vigliarolo, Brandon. "Report: Email attacks increasing, but none as much as impersonation phishing." Tech Republic, CBS Interactive, December 5, 2017, https://www.techrepublic.com/article/report-email-attacks-increasing-but-none-as-much-as-impersonation-phishing/
3. DeNisco Rayome, Alison. "These 3 departments are causing the biggest cybersecurity problems at your office." Tech Republic, CBS Interactive, December 6, 2017, https://www.techrepublic.com/article/these-3-departments-are-causing-the-biggest-cybersecurity-problems-at-your-office/
