When an organization suffers a security breach, the weakest link is typically one of its users. Despite all the security policies and tools that IT departments put in place, users remain one of the most common entry points. This is something IT specialists can never fully control, and that is why user security starts with you!
User Security Tip #1: Don’t Go Clicker-Happy on Weird-Looking Files
Earlier phishing campaigns delivered malicious payloads directly to unwary desktop users: targets had to click to open malicious documents, images, PDFs, or disguised executables. These emails often came from dubious sources and carried irrelevant or generic content, and over time users learned to ignore attachments from unfamiliar senders.
Attackers responded with tactics that make it harder for targets to tell malicious messages from legitimate ones. For example, by mining contact lists and social media profiles, they make emails appear to come from someone the victim trusts.
What You Can Do:
If a message asks for a social media or business connection, log in to the actual site and check whether the same request appears on your account. Criminals can easily forge, for example, a LinkedIn request that looks very much like the real thing; a fake one simply directs victims to malware sites instead. In general, never connect with anyone you have no personal contact or association with. Be prudent in your connections so you do not jeopardize your own security!
User Security Tip #2: Don’t Get Locked Out of Your Own Computer
Email and website scams have become far more convincing and personal in recent years. People are no longer dealing with fake Nigerian princes or messages written in broken English. Victims can now be locked out of critical systems and files: ransomware, for example, can render an entire network of computers inoperative until the victims pay a ransom in cryptocurrency.
A banking Trojan infection can go unnoticed until the victim's financial accounts have been drained dry. These Trojans often redirect the user to a counterfeit version of the banking website. Because the page looks realistic, the victim keys in his or her credentials without suspicion; the Trojan then relays that data to the legitimate website at the same time, so the login appears to work normally. That is where things start to go downhill.
What You Can Do:
Say you receive an email that carries your bank's name, and when you open it the link addresses inside look odd. Look, but never click links in unsolicited emails; hovering over a link usually reveals where it really points, and that destination can differ from the text shown. To check whether the message is genuine, open a new browser window and type your bank's address yourself rather than following the link. Next, check for spelling mistakes: legitimate messages rarely contain poor grammar or major spelling errors, because brands take their email seriously. If you notice anything suspicious, report it. Whatever you see, never give up personal information. Legitimate companies will never ask their clients to provide credentials via email.
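As an added example (not code from the original article), here is a small Python script that performs the "look but don't click" checks from Tips #1 and #2 mechanically: it parses a constructed phishing-style message, compares the sender's display name with the real sending address, and for every link compares the visible text with where the href actually goes, flagging raw IP destinations, the `user@host` trick, and lookalike domains. The bank domain examplebank.com, the lookalike domain, the IP address and the message itself are all invented for the example, and the lookalike and registrable-domain heuristics are deliberately simple.

```python
import email
import email.utils
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for the example: the bank's real domain (hypothetical).
TRUSTED_DOMAINS = {"examplebank.com"}

# Constructed sample message, not a real phish: lookalike sender domain, a
# display name that embeds the real bank address, a userinfo-trick URL that
# really goes to a raw IP, and link text that disagrees with its href.
SAMPLE_EMAIL = """\
From: "Example Bank Security <alerts@examplebank.com>" <alerts@examp1ebank-secure.net>
To: customer@example.org
Subject: Urgent: verify you're account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear valued customer, your account has been temporarly locked.</p>
<p>Please <a href="http://examplebank.com@203.0.113.10/login">verify here</a>
or visit <a href="https://examp1ebank-secure.net/login">https://www.examplebank.com/login</a>.</p>
</body></html>
"""

# Something that looks like a host name inside free text (link text, display name).
_HOSTLIKE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """'login.examplebank.com' -> 'examplebank.com'. Two-label shortcut only;
    real code should consult the Public Suffix List (co.uk and friends)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike_of(host):
    """Trusted domain that `host` imitates, or None. Undoes a few common
    substitutions (1->l, 0->o, rn->m) and looks for the brand label."""
    norm = host.lower().replace("1", "l").replace("0", "o").replace("rn", "m")
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in norm and registrable_domain(host) != trusted:
            return trusted
    return None


def check_link(href, visible_text):
    """Findings for one anchor: where it really goes versus what it shows."""
    findings, u = [], urlparse(href)
    host = u.hostname or ""
    if u.scheme not in ("http", "https"):
        findings.append(f"unexpected scheme {u.scheme!r}")
    if u.username is not None:  # browsers treat text before '@' as credentials
        findings.append(f"'@' trick: real host is {host}, not {u.username}")
    try:
        ipaddress.ip_address(host)
        findings.append("link points at a raw IP address")
    except ValueError:
        pass
    if host and registrable_domain(host) not in TRUSTED_DOMAINS:
        findings.append(f"destination {host} is not a trusted domain")
    if lookalike_of(host):
        findings.append(f"{host} looks like {lookalike_of(host)}")
    m = _HOSTLIKE.search(visible_text.lower())
    if m and registrable_domain(m.group(1)) != registrable_domain(host):
        findings.append(f"text shows {m.group(1)} but href goes to {host}")
    return findings


def check_sender(from_header):
    """Compare the From display name with the domain of the actual address."""
    findings = []
    name, addr = email.utils.parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if registrable_domain(domain) not in TRUSTED_DOMAINS:
        findings.append(f"sender domain {domain!r} is not trusted")
    if lookalike_of(domain):
        findings.append(f"sender domain {domain} looks like {lookalike_of(domain)}")
    m = _HOSTLIKE.search(name.lower())
    if m and registrable_domain(m.group(1)) != registrable_domain(domain):
        findings.append(f"display name shows {m.group(1)} but address is @{domain}")
    return findings


def triage(raw_message):
    """Parse a raw RFC 5322 message and report sender and per-link findings."""
    msg = email.message_from_string(raw_message)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    parser = LinkExtractor()
    parser.feed(body)
    return {"sender": check_sender(msg.get("From", "")),
            "links": [(href, check_link(href, text)) for href, text in parser.links]}


if __name__ == "__main__":
    report = triage(SAMPLE_EMAIL)
    print("Sender:", *report["sender"], sep="\n  ")
    for href, findings in report["links"]:
        print(f"{href}:", *findings, sep="\n  ")
```

Run it as a script to see the report for the sample message; the same `triage()` call works on any raw message saved from a mail client. None of these checks proves a message is malicious on its own, but a link whose text names one domain and whose href goes to another is exactly the mismatch the advice above tells you to look for before you click.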
Today, raising user awareness of security issues, and getting users to identify and report attempted attacks, is a critical part of cyber threat protection. IT departments should regularly patch systems and maintain strong endpoint protection to shield users, but the state of your online security still depends on the choices you make.