Information Security is Everyone's Responsibility
Adversaries target us because their attacks continue to be effective at stealing data, distributing malware or producing monetary gain. Bad guys design malicious emails for use in social engineering attacks. These emails, also known as phishing attacks, are a form of social engineering.
What exactly is a social engineering attack? This variety of attack relies on human interaction to obtain or compromise information from an organization or its network. The attacker may appear legitimate, or unaware of a process, and request assistance. By asking questions, the attacker may be able to gather enough information to access an organization's network either physically or remotely.
What is a phishing attack? Phishing is a method of social engineering. Phishing attacks use email and/or malicious websites to solicit personal information while posing as a trustworthy organization. Phishing attacks can be disguised to appear to come from many other types of organizations. Depending on the event or time of year, phishing attacks take on different themes based on natural disasters, political events, holidays, health and viral incidents, etc.
Recently, there have been themed phishing campaigns designed for malicious cyber activity seeking to capitalize on interest in hurricane relief and the holiday shopping season. Please exercise caution in handling any email subjects, attachments, hyperlinks or social media that seem suspicious. Themed emails often contain links or attachments that, once clicked, redirect users to credential-harvesting or malware-compromised websites.
Can email be dangerous?
- Email is easily distributed. Forwarding email is the simplest way that a virus or malware can quickly infect many machines.
- Keep software up to date on all of your devices. This will deter attackers so that they can't take advantage of known vulnerabilities.
What can you do to protect yourself?
- Be vigilant of unsolicited phone calls, visits, or emails from individuals asking about your organization's internal information.
- Don't provide personal, financial or organizational information unless you're able to confirm the individual's identity.
- Review the URL of a website. Malicious websites often contain spelling errors or a different domain (.com vs .org).
- Nurture your inner security geek: The slogan "if you see something, say something" is everywhere. It's another line of defense that we all can participate in. Report any unusual behavior in your digital world to the technology department or law enforcement agencies.
Your personal information is everywhere and privacy is diminishing. For every online transaction - email, social media post or instant message - its digital shadow grows as copies are stored, backed up and archived on systems at your employer, bank, service provider and everywhere along the way. Once you've clicked, keyed or texted it, it's out there. Be an advocate for yourself and for your information.
- You are responsible for the security and protection of your passwords. WPS requires an annual password change. A 16-character password is required.
- Screensaver: screensaver lockout occurs after 30 minutes of inactivity. However, the screen should be manually locked if the computer is unattended. Contact your Tech Para or the District Technology Office for assistance.