Along with Breast Cancer Awareness Month, did you know that October is also Cyber Security Awareness Month?
As we work hard to raise funds and awareness with Making Strides Against Breast Cancer events and other mission partnerships in October, Information Technology wants to help us grow our online awareness – by featuring a few informative articles throughout the month.
Let's jump right in: This first article examines the importance of critical thinking in avoiding cyberattacks. When we hear about phishing, IT asks that we use our critical thinking skills. But what exactly does that mean?
Critical thinking is the process of actively analyzing and evaluating information gathered by observation, experience, or reasoning to inform action. These skills are particularly important when working in your inbox because email is the easiest way to access any company. Below are some facts to keep in mind:
- Most email is spam – up to 97 percent of global email is not legitimate!
- An event that starts with only one person (clicking a bad link or opening a malicious attachment) can quickly multiply.
- Scammers usually like to incite emotions and urgency to deliberately derail your critical thinking skills.
- Most phishing emails will send you to a malicious site that has been created for this attack.
Using the following questions can help us approach our email – both at work and home – with critical thinking and the right response:
- Where did the email arrive, your inbox or a junk/spam folder? Unless you are positive that the email is legitimate, leave it in the Junk folder. Your email provider is probably right – this is an email you don't want or need.
- Do you know the sender? Any email from a stranger should be viewed with suspicion.
- Was the email sent only to you? Spam and malware are usually sent in volume. Scammers make their money by finding one or two unsuspecting or careless people for every thousand emails sent. If someone other than you appears in the "To" field, that might be a red flag.
- Were you expecting this email? Successful phishing attacks often exploit a compromised user's address book to send the malicious software to their contacts and friends. If you see a puzzling email from someone you know, email them back and ask whether they meant to send that email. Chances are you'll be doing them a favor by alerting them that they have been hacked.
- Does the message make sense? Read suspicious messages carefully for clues that the real sender is someone other than who they claim to be – broken English, vague messages, and language that doesn't sound like a typical message from your sender.
- Are there logos or identifying marks in the signature? Compare the signature block with the "From:" address; do the two reasonably match? If this email is representing a large company, it should come from the corporate email address, not a free email account.
- Are there attachments? Generally, only open attachments from your most trusted senders and only if nothing else about the email is suspicious.
- Do the links take you to where they say? Always hover before you click; you don't have to click a link to know its destination. If you do not recognize the address or it looks strange in any way, don't click!
If you get suspected phishing emails in your inbox, move them to your Junk folder. Do not respond to the email; doing so would just verify that your email address is active, and you will get more phishing emails. Lastly, do not forward the email. You are just helping the phisher create more copies of the email, which could lead to more issues.
If your email address is compromised, make sure you change your password right away. Consider applying multi-factor authentication – a security measure that requires more than one method of authentication from different types of credentials to verify your identity for a login – to your home email accounts. For example, if you log in from a new computer, multi-factor authentication may require you to know your email password, as well as have your mobile phone nearby to receive a special code to verify it is you before you can log in. This will make it harder for a criminal to access your account, and all the larger free email accounts provide this protection.
Another way scammers can try to worm their way in is through internet pop-ups or phone calls. Use your critical thinking skills there, too:
- Remember that Microsoft, the IRS, and many other entities will not call you on the phone and ask for sensitive information.
- If something sounds too good to be true, it is.
Continuing throughout October, look for additional IT security articles on My Society Source with good information you can use to keep yourself and your family safe.
So, as you fire up your pink for breast cancer awareness, let's all make the commitment to learn more and stay safe as we use the latest and greatest technology in our roles.