Smarter Email Practices Means Ignoring Some Messages That Appear Important

The Incident Response Report published by F-Secure, an international cybersecurity organization, found that 34 percent of all cyberattacks occur through email.

Of the cyberattacks carried out via email, slightly under half were phishing or spear-phishing attacks, and slightly over half were emails with attachments containing malware.

The report also found that 55 percent of cyberattacks resulted from targeted attacks, and 45 percent were opportunistic attacks. Of all cyberattacks studied, 20 percent were malware infections; 52 percent were social engineering attacks; and 48 percent were external exploits.

Ray Schultz, "Email-The Leading Factor In Malware Attacks: Report," www.mediapost.com (Feb. 23, 2018).


Commentary

Email is the weakest link in cybersecurity for most organizations because every organization relies on email to conduct business. Job and productivity pressures mean employees often do not take the time to sufficiently analyze each email. Cybercriminals know this and take advantage of it.

Training employees on email best practices is one of the main ways that organizations can stay safe from hackers.

Train employees that cybercriminals often send email attachments containing malware, which will infect the organization’s entire network if employees open them. Avoid selecting attachments or links in emails, even if you know the sender, unless you are certain of what the link or attachment contains.

If you are unsure, contact the sender independently of the message (e.g., by phone, text) to verify he or she sent the message.

Another important rule is to never select a link in, or reply to, an email purporting to be from a banking institution that asks you to send personal or business account information.

Be keenly aware of phishing scams. There are a number of different types of phishing scams. Many people know about and avoid advance fee scams, in which the sender claims the recipient will receive a “large sum of money” after sending bank account information.

There are other dangerous phishing emails, however, like “help desk” or “email account deactivation” scams in which an email claims that an account needs to be verified by clicking on a link or it will be “deactivated”.

According to OnGuardOnline.gov, the following are common messages used in phishing emails:

  • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity”.
  • “During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information”.
  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund”.