How does computer security affect me or my company? Why should I care or take the time to learn about computer security and attempt to become better prepared to avoid the bad stuff?
Most attempts have been focused on trying to steal money through electronic money transfers, but some have also attempted to steal sensitive employee data. Sometimes the warning flags are very subtle and we always need to be on guard. Often once this money is transferred, even if you catch it a short time later it’s already too late to get it back and the bank isn’t going make up the difference. You’re out of luck at that point.
Another example, what if an email asks for sensitive employee information and the bad guys are successful in tricking someone to send that information to them or even to get login information to one of your company’s computer systems where they download a report that has information on all employees? Employees/Customers would need to be notified about this data breach. The bad publicity would be huge and could cause a company to lose customers, employees and ultimately lead to lower revenues overall. You would have to pay for credit monitoring, notifications to employees, attorney fees, etc. This type of events can easily cost a company hundreds of thousands of dollars
The primary delivery method for these attacks is email. Here are the warning signs to watch out for in an email.
- Malicious emails can appear to come from people you know just as easily as they can come from someone you don’t know. Just because an email comes from someone you know don’t blindly assume the email is safe. Remember, the person who sent you the email, their email account could have been comprised and now is in control of a bad guy.
- Does the email attempt to create a sense of urgency? Your account will be deleted, please confirm before it is too late. We’ve seen fraudulent activity on your account. We need a money transfer right away for a critical need.
- Does the email want you to open an attachment that you were not expecting to receive?
- Does the email tell you to click on a link to a website?
- Does the email tell you that you need to reset your username and or password?
- If you hover your mouse over website links in the email (don’t click on them) you’ll see that they point to a random website that appears to have nothing to do with the email.
- If you look closely at the sender information on the email (hover the mouse over their name and/or email to get more details), you may, but not always, see that the email is coming from an unknown email address.
- The email is not one you were expecting. The subject matter of the email is unexpected and not something you would typically receive from the person sending it.
One of these warning flags should be enough to raise your suspicions. Two or more of these warning flags is practically a guarantee that you have a malicious email on your hands.
What do you do? Be aware of these warning flags. Watch out for them. If you see anything that seems suspicious to you, please forward it to your IT Department so that they can review. You may be 100% confident that it’s a bogus email and should simply delete it, but it is helpful for IT to see these so that we can better gauge trends and monitor the activities of the bad guys. When you do forward the email please attach it to an email. Don’t forward the email inline. When an email is forwarded inline we lose some information the help with any research IT might do.
Something else you can do is to verify via a phone call to the email sender that the email you received is legitimate.
Computer security is crucial these days and being on top of it can help your company in many different ways. These precautions can save your company money and time spent on the recovery of lost data or money, not to mention ease the workload of your IT department so that they can focus on other things.