Still working remotely?
October is Cybersecurity Awareness Month. For 2020, the theme is s ‘Do Your Part. #BeCyberSmart’. It is important to be aware, vigilant, and maintain a high standard of cyber security in order to keep your personal information and data safe.
Here are a few basic questions/tips to consider within your remote environment to ensure your systems and data remain secure:
Beware of Social Engineering
One tactic being leveraged by cyber criminals is social engineering. This involves manipulating a person or persons in order to access company systems and private information. Social engineering plays into your natural inclination to trust and is the easiest method for setting the stage for a ransomware attack.
4 Types of Social Engineering Scams:
Phishing: is the leading tactic leveraged by today’s ransomware hackers, typically delivered in the form of an email, chat, web ad or website designed to impersonate a real system and organization. Often crafted to deliver a sense of urgency and importance, the message within these emails often appears to be from the government or a major corporation and can include logos and branding.
Baiting: similar to phishing, baiting involves offering something enticing to an end user in exchange for private data. The “bait” comes in many forms, both digital, such as a music or movie download, and physical, such as a branded flash drive labeled “State of Virginia - Confidential Salary Analysis, Q4 2020” that is left out in public for an end user to find. Once the bait is taken, malicious software is delivered directly into the victim’s computer.
Quid Pro Quo: similar to baiting, quid pro quo involves a request for the exchange of private data but for a service. For example, an employee might receive a phone call from the hacker posed as a technology expert offering free IT assistance in exchange for login credentials.
Pretexting: is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker or a figure of authority within the company in order to gain access to private data. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data in order to comply with a corporate audit (that isn’t real).
If you have concerns about any of the basic questions above or are unsure of the validity of emails and credential requests, reach out to your IT department, employer or service provider for support.
We are all in this together and it is critical to all parties to protect ourselves on-line.