October is Cyber Security Awareness Month (CSAM). The goal of CSAM is to help Canadians stay cyber-safe by equipping them with knowledge through the following four themes:
- Week 1: You Got Phished
- Week 2: Where, Why and How It Happens
- Week 3: Prevention
- Week 4: Putting It All Together
For the final week of CSAM we're focusing on the theme, “Putting It All Together”. This week, we're discussing how to spot the 7 red flags of phishing, cybersecurity tips for older adults and children, and how to equip colleagues with knowledge of phishing.
The 7 Red Flags of Phishing
Phishing is a common method that hackers will use to steal valuable information from individuals and organizations. Phishing scams are often disguised as messages from people and organizations that you trust, making them easier to fall victim to.
The most important way to avoid a phishing scam is to learn how to recognize one. Here are seven red flags to look out for:
- Urgent or threatening language: Look out for threats of closing your account or taking legal action, and pressure to respond or act on something quickly.
- Requests for sensitive information: Be on alert for links directing you to login pages, requests to update your credentials, and demands for your or your company’s financial information.
- Anything too good to be true: Avoid acting on messages that claim winnings from contests you’ve never entered, prizes you must pay to receive, and inheritances from long-lost relatives.
- Unexpected emails: Disregard emails such as receipts for items you’ve never purchased and updates on deliveries for things you didn’t order.
- Information mismatches: Look out for incorrect (but maybe similar) sender email addresses, links that don’t go to official websites, and errors in spelling or grammar that a legitimate organization wouldn’t miss.
- Suspicious attachments: Avoid attachments that you didn’t ask for that have weird file names or uncommon file types.
- Unprofessional design: Be on alert for incorrect or blurry company logos, image-only emails, and company emails with little, poor, or no formatting.
If you encounter any of these red flags in an email or message, do not interact with it. Rather, delete the email or message. If you are unsure, ask the sender about the message through a different channel.
Cybersecurity Tips for Older Adults and Children
https://www.youtube.com/watch?v=WQ9ZNShXbC0
Learning how to be cyber safe can seem like an overwhelming task. For older adults and children, there is a lot to learn about practicing safe online behaviour, as well as ensuring your devices are protected from cyber threats. The best way to avoid falling victim to a cyber-attack, such as phishing, is to know how to recognize one and how to protect yourself.
Our devices do a great job of making our lives more convenient! For example, older adults can turn to their computers and tablets to chat with their family and friends, and kids can turn to their smart speaker and ask for homework help (“Hey Google, what is 2 x 2?”), learn about any topic of their choosing, play music, and more! But, just like other internet-connected devices, smart devices can give potential cybercriminals access to our information.
If you encounter any of the seven red flags of phishing in an email, phone call, or text message (aka smishing), do not interact with it. Delete the email or text, do not answer the call (or hang up), and, if relevant, report it. Phishing attempts are becoming more sophisticated, so if you are unsure, ask the “sender” about the message through a different channel.
For example, if your child receives an email from their teacher asking them to send personal information, it is likely a phishing attempt, as teachers or the school would reach out to the parent. In this case, you or your child can ask their teacher directly in their next online or in-person class to confirm whether the request was legitimate.
Older adults must also be on the lookout for the red flags of phishing as they can become a target of cybercrime such as romance scams, tech support scams and grandchild scams. Some actionable steps that both older adults and parents of young children can take to practice cyber safety include:
- Teach children about cyber safety
- Think twice before you share any personal information online
- Always verify requests with a trusted source
- Use anti-virus and malware protection
- Back up your data
- Only visit trusted websites and do not click on unknown links or attachments
- Protect your accounts with MFA
- Use complex passphrases and passwords
How To Equip Colleagues with Knowledge Of Phishing
Whether you’re working at the office or remotely, cyber security practices should be taken seriously. Businesses of every size can be a target of cyber crimes such as ransomware, phishing, and malware. While cybercrime is not completely avoidable, proactive measures should be taken to reduce the risk and protect your business networks.
Cyber security is a team effort that requires action from both management and employees. The best way to keep your team from becoming a victim of cybercrime is to learn how to recognize and prevent it! Here is what you can do to ensure your team is prepared to avoid common cyber crimes, such as phishing:
- Implement Email Best Practices: Combat the inevitability of cybersecurity breach attempts through email by communicating best practices with your employees. These include separating internal and external emails, prohibiting clicks on unknown email links, and keeping the spam filter updated.
- Educate Your Team: Ensure that your team understands what is at stake with a business’s cybersecurity. Highlight case studies to show your team how poor cyber habits cost other businesses and share examples of what an attempted cyberattack looks like. Learn the seven red flags of phishing, and always be on alert.
- Implement Information Regulations: Create strict rules on when it is appropriate for an employee to give out personal, sensitive or business-related information through any form of electronic communication or online medium.
- Implement Browser Best Practices: Combat the inevitability of cybersecurity breach attempts through online websites by communicating browser best practices with your employees. These include implementing a firewall, monitoring or limiting browser usage, and educating employees on online safety features (such as SSL).
- Implement Personal Account Regulations: Create regulations surrounding what personal accounts employees can and cannot access on the business network (such as personal banking and email accounts).
Your colleagues are your first line of defense against common cyber attacks, including phishing and ransomware. Did you know that AlphaKOR offers Cyber and Phishing User Training services? These services include dedicated training and educational materials to educate your employees about cybersecurity risks.
Your Cyber Security Partner
As Cyber Security Awareness Month comes to an end, be sure to extend what you have learned this past month into your everyday cyber habits!