Security Awareness During The Holidays: Better Watch Out!
In previous articles scattered across the world wide web, I have fiercely monologued about the importance of security awareness training, learning from mistakes, and teaching others what you know.
I have discussed awareness, threats, and the significance of timing with clients, friends, and sometimes even random people. With Black Friday and Cyber Monday behind us, Christmas time is upon us once again.
Oh Ho The Holidays - Time To Think Before You Click!
Christmas: a cheerful time of holly and joy, sharing food and caring. This is the time of the year when everything happens: package deliveries, holiday sales, Christmas bonuses, and the good old office party.
Annoyingly, this is also a cheerful time for threat actors and scammers to take advantage. The fact is that during this time of year we are more likely to click a link or open an attachment that promises a tracking number or a bonus. Unfortunately, threat actors know that we've been doing our holiday shopping online and are eagerly awaiting the arrival of our purchases. They also know that some of us are keeping our fingers crossed for that holiday bonus from the bossman to come in.
Now, I really enjoy pissing people off, especially if I don't like 'em, and guess what: I don't like people who take advantage of others.
Helpful Security Awareness Holiday Tips
Here are some holiday tips to keep in mind while on the web:
1. Investigate emails before clicking
Investigate: This is back to basics, but never underestimate the basics. At first glance, an email can look quite legit. The colours match, they got your name right, and it is an email/SMS you were expecting. If it looks too good to be true, there is probably a cyber criminal hiding behind those malicious links, designed to steal your personal information or bank account details.
Let's look a bit closer at 3 aspects that can help you identify, report and reduce the risk of phishing emails during the holidays:
The sender domain: does it match the company's domain, or has someone added or swapped something, as in “delivery-google.com” or “G00GLE.com”?
The content: think to yourself, is this something I would normally expect to see in this type of email? How is the language used? Does it match the company's usual tone, and is the written content free from spelling errors?
The link itself (but what if it’s an attachment or a request? We’ll get to that later): this one’s simple. Does the link take you where you want to go? Remember not to click without thinking. Instead, you can hover your mouse over the link to see where it will take you if clicked.
Remember, this also works when people are trying to sneak in: investigate. “If you’re supposed to get in here, then someone who knows you can let you in.”
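The sender-domain check from the first aspect above, written out as a Python example that is added here and is not part of the original article. The trusted-domain list, the digit substitution table and the sample headers are assumptions constructed for illustration.

```python
# Added example: sort From: headers by how their sender domain relates to
# domains you trust. TRUSTED and SWAPS are illustrative assumptions.
from email.utils import parseaddr

TRUSTED = {"google.com"}  # assumption: domains you really expect mail from
# Digits commonly used in place of letters (constructed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def sender_domain(from_header):
    """Return the lower-cased domain of the real address, or None."""
    # parseaddr() splits the display name from the address, so a display
    # name such as "support@google.com" cannot pose as the sender domain.
    _, address = parseaddr(from_header)
    if "@" not in address:
        return None
    return address.rpartition("@")[2].lower().rstrip(".")

def matches(domain, trusted):
    """True if domain is the trusted domain or one of its subdomains."""
    return domain == trusted or domain.endswith("." + trusted)

def classify(from_header):
    domain = sender_domain(from_header)
    if domain is None:
        return "no-address"
    if any(matches(domain, t) for t in TRUSTED):
        return "trusted"
    normalised = domain.translate(SWAPS)  # "g00gle.com" -> "google.com"
    for trusted in sorted(TRUSTED):
        if matches(normalised, trusted):
            return "lookalike-characters"
        if trusted.split(".")[0] in normalised:
            return "brand-in-other-domain"
    return "unknown"

# Constructed sample headers, using the two domains from the text above.
SAMPLES = [
    "Google <no-reply@accounts.google.com>",
    "Parcel Tracking <track@delivery-google.com>",
    "Google <security@G00GLE.com>",
    '"support@google.com" <billing@mail.example.net>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):22} {header}")
```

The check only normalises digit-for-letter swaps; look-alike Unicode letters and misspellings need their own handling, and "unknown" means the domain is not on your list, not that it is safe.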
2. Listen to your gut
Listen to your gut: Sometimes your gut tells you that you are hungry, and sometimes it tells you that something is "phishy". In both cases, it tends to be right. If it’s the latter, circle back to point one. 😉
3. Report cyber threats or suspicious emails
Tell someone: This is where we get back to the “attachment or request” thing 😉.
If your stomach is making a loud rumble and you are unsure about a request, you should contact someone. Whether the person is a manager, friend, or colleague, they'll usually be happy to help.
If there is something so time-sensitive that it can't wait a minute, it’s one of two things. Either it’s a scam or it’s a bad work environment. In both cases, get out!
OK, so you've clicked a link, opened an attachment, or filled in some sensitive details. All of a sudden the alarms go off!
First of all, take a deep breath and lower your shoulders.
Disconnect your device from the internet.
Depending on what happened and the setting you are in, contact your manager and IT staff, your provider, or a tech-savvy friend, in that order.
Remember your holiday security awareness tips and stay safe!
Last but not least, remember one thing: every time you don't fall for a trap set by a hacker, it means that you have won and that they have lost. This is guaranteed to bring about a good feeling every time!
With that, I wish you a safe, secure and happy holiday season!