Even the strongest organization-wide network security policy can leave end users exposed to threats. This security hole can lead to financial, legal, and productivity implications for the entire organization.
Uneducated or unaware end users can fall prey to cyber attacks such as phishing, in which a user receives a fraudulent email that appears to come from a legitimate company and asks for financial or other personal information. Phishing can breach sensitive personal and corporate information, putting both the individual and the company at risk.
About 156 million phishing emails are sent out each day, 90 percent of which are caught by spam filters. That still leaves 16 million out there as potential threats. Of that 16 million, half are opened by unsuspecting users, according to a study performed by Canadian organization Get Cyber Safe.
Deploy these “spring cleaning” tactics across your enterprise to avoid phishing scams and strengthen cyber security for 2014:
1. Clear out spam folders.
The spam folder is where the majority of phishing emails reside. Most email clients automatically delete spam emails after a set period. However, it’s a good idea to go through the spam folder more frequently to delete suspicious emails so they are not lurking on the system.
Educate users on what phishing emails and spam are, and encourage them to take time to report or block emails from suspicious senders or known phishing sources. Make sure they know not to open spam emails before they delete them: falling victim to a phishing email could install malware, spam a user’s contacts list, or steal financial information.
2. Block or report phishing attempts on social channels
The latest venue for phishing scams is social media. Users may see a post, chat, or private message from a social media contact that doesn’t seem quite right, urging them to click on a link. One popular Facebook phishing/spam message, for example, asks the user to look at photos of a friend’s burned living room after a fire. Once the link is clicked, it installs malware on the system.
Inform end users not to click suspicious links in status updates, tweets, chats, or private messages on social networks. This rule also applies to online ads and sponsored posts. Instruct users to block spam and phishing attempts and to report them to the social media site. Users should also delete social media contacts whose accounts have been hacked, and delete any old or unused accounts to decrease the likelihood of them being taken over by cyber criminals.
3. Upgrade to stronger passwords
Make sure to change passwords and security questions frequently, to lower the chance of social media or email accounts being hacked. Strong passwords are more than eight characters long, do not contain names or complete words, are different from the user's other passwords, and contain a mix of lowercase and uppercase letters, numbers, and special characters. Users may want to consider a password management program that helps keep passwords organized.
Also, consider multifactor security steps to bolster passwords and protect against hacking. Multifactor security could use generated passwords and biometrics, or PIN numbers to unlock a device.
To learn more spring cleaning tips for network security, read part 3 of our series.