Information Security is Everyone's Responsibility
Adversaries target us because their attacks continue to be effective with stealing data, distributing malware or providing monetary gains. Bad guys will design malicious emails that are used in social engineering attacks. The emails, also known as phishing attacks, are a form of social engineering.
What exactly is a social engineering attack?
- This variety of attack is based on human interaction to obtain or compromise information from an organization or its network. The attacker would seem legitimate or unaware of a process and request assistance. When asking questions, the attacker may be able to gather enough information to access an organization's network either physically or remotely.
What is a phishing attack?
- Phishing is a method of social engineering. Phishing attacks utilize email and/or malicious websites to solicit personal information while acting as a trustworthy organization. Phishing attacks could be disguised as coming from an individual or from an organization. Depending on the event or time of year, different themes of phishing attacks are based on natural disasters, political events, holidays, health and viral incidents, etc.
Please exercise caution in handling any email subjects, attachments, hyperlinks or social media that seems suspicious. Themed emails often contain links or attachments that once clicked will redirect users to credential harvesting or malware-compromised website.
Can email be dangerous?
- Email is easily distributed. Forwarding email is the simplest way that a virus or malware can quickly infect many machines.
- Keep software up to date on all of your devices. This will deter attackers so that they can't take advantage of known vulnerabilities.
What can you do to protect yourself?
- Be vigilant of unsolicited phone calls, or emails from individuals asking for money, gift cards, or asking "are you available"
- Don't provide personal or financial information or unless you're able to confirm the individual
- Review the URL of the email or website. Malicious emails and websites often contain spelling errors or a different domain (.com vs .org)
- Nurture your inner security geek The slogan "if you see something, say something" is everywhere. It's another line of defense that we all can participate in. Report any unusual behavior in your digital world to the technology department or law enforcement agencies.
Your personal information is everywhere and privacy is diminishing. For every online transaction - email, social media post or instant message - it's digital shadow grows as copies are stored, backed up and archived on systems at your employer, bank, service provider and everywhere along the way. Once you've clicked, keyed or texted it, it's out there. Be an advocate of yourself and for your information.
- Any time you step away from your computer lock the screen to prevent access.
- You are responsible for the security and protection of your passwords.
- WPS requires an annual password change. A 16-character password is required.
- Screensaver: screensaver lockout occurs after 30 minutes of inactivity. However, the screen should be manually locked if the computer is unattended.
- If you have questions, contact your building Tech Para or the District Technology Office for assistance.