By James Lee – Information Security Analyst: Team Lead – Intrinium
Chances are, you or someone you know has fallen victim to an Information Security attack: someone attempting to brute force their way into one of your accounts, an email that looked legitimate but ended up leading to Ransomware, or a link clicked while perusing Facebook that redirected you to a suspicious website. These situations are becoming all too common as so many facets of our lives are pushed online and to the cloud. It is imperative that everyone has a basic understanding of Information Security and how a business or individual could be impacted by failing to practice due diligence when engaging in online activity.
Because of this trend, Basic Security Awareness Training is imperative and will substantially reduce the risk of security incidents both at home and in the workplace. The most common successful attacks rely on the target user taking some action (such as clicking on a malicious link within an email). Therefore, many recent compromises could have been avoided with an appropriate security awareness training program that instructs users on what to look for. These instructions should include, but are not limited to, maintaining strong passwords, properly handling email messages and phone calls, physical security, and even managing your Social Media presence.
Handling Email Messages
Another essential item that should be addressed in security awareness training is how to recognize email phishing attempts. Email Phishing is one of the most common types of attacks: an attacker sends email messages to users in an attempt to obtain sensitive information such as usernames, passwords, identity information, or credit card numbers. These attacks are often successful because they rely on human error, which is impossible to eliminate completely.
Because of this, the best defense against email phishing is to educate users, so they can do their part in spotting these emails and dealing with them appropriately. Users should be taught to pay close attention to the sender address, to any links within the email that could be malicious, and to any suspicious attachments. It’s worth noting that phishing emails usually convey a sense of urgency, pressuring the user to click the link before some deadline.
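The indicators described above (sender address, where links really point, attachments, and urgency wording) can also be checked mechanically, which is useful both for teaching users what to look for and for triaging reported messages. The script below is an added example written for this page, not code from the original article or from Intrinium; the two messages, the trusted domain `example.com`, and the keyword and extension lists are all constructed for the demonstration. It parses a message with Python's standard `email` package and returns a list of human-readable findings.

```python
"""Heuristic phishing-indicator check for a single email message.

Added example: flags the things the training text tells users to watch
for (sender address, link destinations, attachments, urgency wording).
All domains, messages and keyword lists are constructed for the demo.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the (hypothetical) organisation actually sends mail from.
TRUSTED_DOMAINS = {"example.com"}
# Phrases used to rush the recipient into acting without thinking.
URGENCY_PHRASES = ("immediately", "within 24 hours", "account will be suspended",
                   "verify now", "final notice")
# Attachment extensions that are executable or script-like.
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".iso", ".htm", ".html")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def header_domain(msg, name):
    """Lower-cased domain of the first address in a header, or '' if absent."""
    header = msg[name]
    if header is None or not getattr(header, "addresses", ()):
        return ""
    return header.addresses[0].domain.lower()


def host_of_url(url):
    """Hostname of a URL; bare 'www.host/path' text is tolerated."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def phishing_indicators(raw):
    """Return a list of indicator strings for the raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    sender = header_domain(msg, "From")
    if sender and sender not in TRUSTED_DOMAINS:
        findings.append(f"sender domain not trusted: {sender}")
    reply_to = header_domain(msg, "Reply-To")
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain differs from From: {reply_to}")

    body_text = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            name = (part.get_filename() or "").lower()
            if name.endswith(RISKY_EXTENSIONS):
                findings.append(f"risky attachment: {name}")
        elif part.get_content_type() == "text/html":
            html = part.get_content()
            body_text.append(re.sub(r"<[^>]+>", " ", html))
            collector = LinkCollector()
            collector.feed(html)
            for href, text in collector.links:
                # Visible text that looks like a URL but leads somewhere else.
                looks_like_url = "://" in text or text.lower().startswith("www.")
                if looks_like_url and host_of_url(text) != host_of_url(href):
                    findings.append(f"link text {text!r} points to {host_of_url(href)}")
        elif part.get_content_type() == "text/plain":
            body_text.append(part.get_content())

    lowered = " ".join(body_text).lower()
    hits = [p for p in URGENCY_PHRASES if p in lowered]
    if hits:
        findings.append("urgency wording: " + ", ".join(hits))
    return findings


# Constructed sample: lookalike sender, mismatched Reply-To, disguised link,
# double-extension attachment and urgency wording.
PHISHING_SAMPLE = """\
From: "Example IT Support" <helpdesk@example-support-login.com>
Reply-To: recover@mailbox-verify.net
To: user@example.com
Subject: Action required: password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your password expires in 2 hours. Verify now or your account will be suspended.</p>
<p><a href="http://login.example-support-login.com/reset">https://portal.example.com/reset</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Password_Policy.pdf.exe"

dGVzdA==
--b1--
"""

# Constructed sample of an ordinary internal notice.
BENIGN_SAMPLE = """\
From: "HR Team" <hr@example.com>
To: user@example.com
Subject: Holiday schedule
Content-Type: text/plain; charset="utf-8"

The updated holiday schedule is posted on the intranet. No action needed.
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, phishing_indicators(sample))
```

The link check is the part users most often miss: the visible text `https://portal.example.com/reset` looks right, but the `href` goes to a different host, which only hovering over the link (or parsing it, as here) reveals. Because these are heuristics, a hit means "pause and verify", not proof of phishing, and a clean result does not make a message safe.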
Social Media Presence
Facebook, Twitter, and Instagram are great resources. They allow anyone who creates an account to interact and share memories with friends and family around the world. Unfortunately, along with the enjoyment we get from these applications, they also create more risk for us. For instance, let’s say you go on a long vacation and decide to post pictures to Facebook mentioning how much fun you are having. While this does not seem like a risk, you must remember that everyone you are connected with on Facebook now knows that your normal place of residence is unattended for the duration of your vacation. If this information falls into the wrong hands, your home could be a target for a break-in. For this reason, it’s a good idea to make your posts visible only to friends in your Facebook settings. In addition, you will want to be diligent in ensuring you are not posting anything to social media that could lead to a security incident of some sort.
As employees continue to be the most common attack surface for cyber criminals, it is critical that individuals know how to defend themselves against malicious actors. Having spent the last couple of years performing multiple security tests with numerous clients, I can tell you with confidence that security awareness training is one of the best investments you can make. It’s so important, in fact, that many businesses are required to have testing and training in place to comply with government and industry regulations.