In this article, we’re going to cover a few vital tips on how to educate users to keep your IT systems safe. The best part: it doesn’t cost a penny. There's plenty of thought-provoking information on the rest of the page, and we've also included an informative, government-backed video from The Centre of National Infrastructure Protection at the bottom.
One of the biggest threats to the security of your systems is the users. We’re not talking about malicious activities here, just simple mistakes and bad practices that many of us are guilty of.
User awareness and filtering are often the best defence against cyber threats and attacks.
We ask that users question anything that looks suspicious.
Look at everything with suspicion. If something does not look right, then ask, as it may not be right:
- Should I be receiving an email with an invoice attached?
- Would my bank ask me this?
- Would they say that?
- That popup does not look normal
If in doubt, ask! As a customer of Get Support IT Services’ IT Support Department service, we’re only a phone call or email away. Always feel free to ask our friendly team of experts if you’re at all concerned; it’s best we check it out for you.
Details by email
If a supplier sends you new bank details – always call them on a number you know is theirs and check the bank details are real. Don’t just call the number on the bottom of the email. There are an increasing number of very sophisticated frauds in which a party sending money is convinced to change the bank details at the last minute and transfer money straight into the bank account of a fraudster.
If in doubt, ask! But we can’t help you with this one – you need to call the other party involved.
Phishing is an attempt to obtain sensitive information such as usernames, passwords and credit card details, as well as money, often for malicious reasons, by posing as a trustworthy entity in an email or on a website. Examples of these include:
- Fake bank emails asking you to click through to log in – your bank will never send you a link asking you to log on, or ask you for your username, password, pass phrase or passcode by email.
- Fake invoice emails
- Fake delivery emails
- Fake email alerts
How to spot phishing emails:
- Is the email address correct? (Look really closely – there are ways to set an additional email address as a display name to try and trick you)
- Is the content correct or suspicious? Are there any typos?
- Am I being asked for something that’s not right?
- Should I be receiving this kind of email?
- Was it in your Junk folder or quarantine?
- Is the email generic or have you been provided with information that only the real sender would know?
- Does the link go to the correct URL? You can check this by hovering over it
- Where possible, don’t click links in emails; go to the site directly
- Password Managers can help. If the website does not have the correct address, your Password Manager won’t offer you the password to log in
In a future blog post, we’re going to look at password security and password managers.
Feel free to share a link to this page with your team. Get everyone thinking about security. If you would like advice on how to train your team, please use the contact form at the bottom of the page or give us a call.
There's a good, informative video below all about Phishing and Spear Phishing: