TitleBytes News & Happenings

Cybersecurity Awareness Month!

Cindy Immonen, NTP, CLTP

Do not ignore cybersecurity practices – Educate, Educate, Educate.
Routinely update all your devices, systems, browsers, and plugins. Do not download anything from an untrusted source.
Implement a multi-layered security approach including configuring accounts with maximum-security controls and conducting training.

WiFi
Don’t allow your device to auto-join unfamiliar networks.
Always turn off WiFi when you aren’t using it or don’t need it.
Never send sensitive information over WiFi unless you’re absolutely sure it’s a secure network.

Email
• From
The email is from someone outside the organization and it’s not related to your job responsibilities.
The email was sent from someone inside the organization or from a customer, vendor, or partner and is very unusual or out of character.
The sender’s email address is from a suspicious domain (like micorsoft-support.com).
You don’t have a business relationship nor any past communications with the sender.
It is an unexpected or unusual email with an embedded hyperlink or an attachment from someone you haven’t communicated with.

• To
You were cc’d on an email sent to one or more people, but you don’t know the other people it was sent to.
You received an email that was also sent to an unusual mix of people. For instance, it might be sent to a random group of people at your organization whose last names start with the same letter, or a whole list of unrelated addresses.

• Date
Receive an email at a usual time such as it should have come during business hours, but it was at 3 am.

• Subject
An email with a subject line that is irrelevant or does not match the message content.
Is the email message a reply to something you never sent or requested?

• Attachments
The sender included an email attachment that was not expected or makes no sense in relation to the email message.
An attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .txt file.

• Content
Is the sender asking you to click on a link or open an attachment to avoid a negative consequence or to gain something of value?
Is the email out of the ordinary, or does it have bad grammar or spelling errors?
Is the sender asking you to click a link or open up an attachment that seems odd or illogical?
Do you have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
Is the email asking you to look at a compromising or embarrassing picture?

• Hyperlinks
Hover mouse over a hyperlink that’s displayed in the email message, but the link-to address is for a different website.
Received an email that only has long hyperlinks with no further information.
Received an email with a hyperlink that is a misspelling of a known web site.
For instance, www.bankofarnerica.com — the “m” is really two characters — “r” and “n.”

Browser
Watch out for ads, giveaways and contests that seem too good to be true.
Pay close attention to URLs. These are harder to verify on mobile screens but it’s worth the effort.
Never save your login information when you’re using a web browser.

Apps
Only use apps available in your device’s official store – NEVER download from a browser.
Be wary of apps from unknown developers or those with limited/bad reviews.
Keep them updated to ensure they have the latest security.
If they’re no longer supported by your store, just delete!
Don’t grant administrator, or excessive privileges to apps unless you truly trust them

Bluetooth
Disable automatic Bluetooth pairing.
Always turn it off when you don’t need it.

Smishing (phishing via SMS)
Don’t trust messages that attempt to get you to reveal any personal information.
Beware of similar tactics in platforms like “What’s App”, “Facebook Messenger”, “Instagram”, etc.
Treat messages the same way you would treat email, always think before you click!

Vishing (voice phishing)
Do not respond to telephone or email requests for personal financial information.
Never click on a link in an unsolicited commercial email.
Speak only with live people when providing account information, and only when you initiate the call.
Install software that can tell you whether you are on a secure or fake website.

Source: KnowBe4, LLC