November 30th is National Computer Security Day. First established in 1988, National Computer Security Day is the perfect time for businesses to launch new security awareness initiatives. In fact, this holiday grew out of one of the world’s first cyberattacks: an attack on ARPANET (the internet’s predecessor) that harmed 10% of connected computers. In the wake of that eye-opening incident, IT professionals realized that increased security awareness was needed to reduce the chance of similar events in the future. The Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control chose November 30th to remind folks to be security conscious before the busy holiday season.
Read more about the fascinating history of National Computer Security Day and look at the timeline of cybercrime here: https://nationaltoday.com/national-computer-security-day/
How Can Organizations Benefit from National Computer Security Day?
When everyone is more security conscious, the whole company benefits (especially the IT department!). National Today offers a great menu of options that let companies and IT professionals choose fun, engaging ways to fight back against surging cybercrime by raising security awareness in their organizations. For example:
- Get high-level buy-in for security awareness initiatives and launch cyber security awareness programming to communicate critical messages about risks like phishing.
- Host a lunch-n-learn to reinforce positive and motivational messages about cybersecurity.
- Recycle material from a webinar in a simple trivia contest with fun prizes.
- Run a competition for IT team members that requires resolving simulated cyberattacks to win a prize.
- Answer employee questions. Your organization may have unique programs, policies and best practices. Help employees understand material for which they cannot find answers on the internet.
- Share information about the latest phishing tactics and popular methods of propagating cyber threats like ransomware. Explain who to contact in the event of questions about a specific online interaction or email.
- Include content about remote work safety as pandemic challenges evolve. The majority of remote workers communicate primarily through email, elevating phishing risk.
- Remind employees that security protocol extends to every work device they’re using, even when using them for personal tasks, and vice versa. Remote workers regularly use the same devices for work and personal tasks, making security awareness paramount.
Strong Security Starts with Phishing Awareness
A huge part of any company’s security awareness initiative has to be phishing awareness. After all, stopping ransomware, fraud, business email compromise, malware and credential compromise starts with stopping phishing. Make sure that staffers know how to spot a phishing email, and what they should do when they encounter a dodgy message. Here’s a guide to red flags that may indicate that a message is actually phishing.
Red Flags That Point to Phishing
Adapted from our blog post What is a Common Indicator of a Phishing Attempt?
Is the subject line accurate? Subject lines that feature oddities like “Warning”, “Your funds has” or “Message is for a trusted” should set off alarm bells. If the subject or pre-header of the email contains spelling mistakes, usage errors, unexpected elements like emojis or other things that make it stand out from emails you regularly receive from the sender, it’s probably phishing.
If the greeting seems strange, be suspicious. Are the grammar, punctuation and spelling correct? Is the greeting in a different style than you usually see from this sender? Is it generic when it is usually personalized, or vice versa? Anomalies in the greeting are red flags that a message may not be legitimate.
Check the sender’s domain by looking at the email address of the sender. A message from a major corporation is going to come from that company’s usual, official domain. For example, if the message says it is from Sender@microsoftsecurity.com instead of Sender@microsoft.com, you should be wary.
Word Choices, Spelling & Grammar
This is a hallmark test for a phishing message and the easiest way to uncover an attack. If the message contains a bunch of spelling and usage errors, it’s definitely suspicious. Check for grammatical errors, data that doesn’t make sense, strange word choices and problems with capitalization or punctuation. We all make the occasional spelling error, but a message riddled with them is probably phishing.
Does this look like other messages you’ve received from this sender? Fraudulent messages may have small variations in style from the purported sender’s usual email style. Beware of unusual fonts, colors that are just a little off, logos that are odd or formats that aren’t quite right.
Using malicious links to capture credentials or send victims to a web page that can be used to steal their personally identifiable information (PII) or financial information is a classic phishing scam. Hovering your mouse or finger over a link will usually enable you to see the path. If the link doesn’t look like it is going to a legitimate page, don’t click on it. If you have interacted with it, definitely don’t provide any information on the page that you’re directed to because it’s almost certainly phishing.
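The sender-domain and link checks described above can also be automated. The following Python sketch is an added example, not part of the original post or any vendor's product: the OFFICIAL mapping, the sample message and the account-verify.example host are constructed assumptions, and the matching is a simple heuristic.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands the organization deals with and their official domains.
OFFICIAL = {"microsoft": {"microsoft.com"}}

def same_site(a, b):  # equal hosts, or one is a subdomain of the other
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip().lower()))
            self.href = None

def red_flags(raw_message):
    """Return sender-domain and link-destination red flags for one message."""
    msg, flags = message_from_string(raw_message), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for brand, official in OFFICIAL.items():
        if brand in domain and not any(same_site(domain, d) for d in official):
            flags.append(f"sender domain {domain} is not an official {brand} domain")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        real = (urlsplit(href).hostname or "").lower()
        shown = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", text)
        if shown and real and not same_site(shown.group(0), real):
            flags.append(f"link shows {shown.group(0)} but opens {real}")
    return flags

# Constructed sample message (not a real email).
SAMPLE = """From: Security Team <Sender@microsoftsecurity.com>
Content-Type: text/html

<p>Sign in at <a href="https://account-verify.example/login">www.microsoft.com</a></p>
"""
```

Calling red_flags(SAMPLE) returns one flag for the lookalike sender domain and one for the link whose visible text and real destination differ.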
Never open or download an unexpected attachment, even if it looks like a normal Microsoft 365 (formerly Office) file. Almost 50% of malicious email attachments that were sent out in 2020 were Microsoft Office files. The most popular formats, the ones that employees exchange every day (Word, PowerPoint and Excel), accounted for 38% of phishing attacks. Archived files, such as .zip and .jar, account for about 37% of malicious transmissions.
Is this someone or a company that you’ve dealt with before? Does the message claim to be from an important executive, politician or celebrity? A bank manager or tax agent you’ve never heard of? Be cautious about interacting with messages that seem too good to be true. Messages from government agencies should also be handled with care. Phishing practitioners love using fake government messages. In the United States, the federal government will never ask you for PII, payment card numbers or financial data through an email message out of the blue – that’s phishing.
Increase Computer Security by Protecting Computers from Phishing-Related Threats
The fastest and easiest way to prevent a phishing-related disaster is to use Graphus to keep phishing messages from reaching employees in the first place. Automated, AI-powered protection for inboxes is the best way to guard against phishing risk: an automated security solution like Graphus catches and kills 40% more phishing threats than conventional security or a SEG. The ideal choice to combat the flood of dangerous phishing email heading for every business, Graphus layers security for more protection with three powerful shields.
- TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention.
- EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection.
- Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review.