News

An Enterprise-Wide Cybersecurity Plan: A Crucial Step For Protecting Data

Not having a cybersecurity plan with human oversight left the U.S. Department of the Interior vulnerable to data breaches. We examine what this means for your organization.

Keeping Your Private Data Private After Facebook And Cambridge Analytica

Many users no longer trust Facebook to protect their personal information. Learn some protection steps, should you choose to continue to use it.

How A Microsoft Word Document Is Used To Deliver Malware

Cybercriminals are increasingly using Microsoft Office documents as vehicles for malware. Learn how software and employee training can reduce your risk.

Smarter Email Practices Means Ignoring Some Messages That Appear Important

The Incident Response Report published by F-Secure, an international cybersecurity organization, found that 34 percent of all cyberattacks occur through email.

Of the cyberattacks carried out via email, slightly under half were phishing or spear-phishing attacks, and slightly over half were emails with attachments containing malware.

The report also found that 55 percent of cyberattacks resulted from targeted attacks, and 45 percent were opportunistic attacks. Of all cyberattacks studied, 20 percent were malware infections; 52 percent were social engineering attacks; and 48 percent were external exploits. Ray Schultz "Email-The Leading Factor In Malware Attacks: Report," www.mediapost.com (Feb. 23, 2018).


Commentary

Email is the weakest link in cybersecurity for most organizations because every organization relies on email to conduct business. Job and productivity pressures lead employees to skip the time needed to sufficiently analyze each email. Cybercriminals know this and take advantage of it.

Training employees on email best practices is one of the main ways that organizations can stay safe from hackers.

Teach employees that cybercriminals often send email attachments that contain malware, which will infect the organization’s entire network if an employee opens them. Avoid selecting attachments or links in emails, even if you know the sender, unless you are certain of what the link or attachment contains.

If you are unsure, contact the sender independently of the message (e.g., by phone, text) to verify he or she sent the message.

Another important rule is to never select a link in, or reply to, an email purporting to be from a banking institution that asks you to send personal or business account information.

Be keenly aware of phishing scams. There are a number of different types of phishing scams. Many people know about and avoid advance fee scams, in which the sender claims the recipient will receive a “large sum of money” after sending bank account information.

There are other dangerous phishing emails, however, like “help desk” or “email account deactivation” scams in which an email claims that an account needs to be verified by clicking on a link or it will be “deactivated”.

According to OnGuardOnline.gov, the following are common messages used in phishing emails:

  • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity”.
  • “During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information”.
  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund”.