Security is the first and most important concern for every office workplace. That means the safety of your employees, but also the safety of your information. When sensitive or important data needs to be safeguarded, most organizations buy a well-reviewed anti-virus program. But relying on anti-virus alone is like only wearing a mouth guard to play professional football, and leaving your helmet and padding back in the locker room. You never know from which direction a tackle is going to come or in what way it will hit you.
One of the most prevalent ways that scammers will attack your office is through phishing schemes. There are many kinds of scams involving phishing, but most follow the same basic steps. How does phishing work? The scammer will send a seemingly legitimate email to a member of your staff. Unless their scam is particularly sophisticated, they will usually avoid IT and send it to a higher-up with clearance and little technical know-how. The email will have a link or a file that requires a login to view. The site or file itself is not what it says it is, and the password information you put in will be sent back to the scammers. They now have access to an exec’s email. Once they’re in, they can spread like a virus among your workstations and file sharing programs.
How can I avoid getting phished?
That’s what you’re frantically googling now, isn’t it? Well, let’s go over some valuable best practices. At Computhink we take security very seriously, whether it’s the safety of your professional documents or your staff’s private information. Our Enterprise Content Management software, Contentverse, is built on security and organization.
Can I trust familiar email addresses?
Most successful phishing scams use your colleagues’ names if they can. They will find a company email address and pair it to a staffer’s name. For instance, they will figure out that jsmith@website.com probably matches the public record (easily found on LinkedIn, etc.) of John Smith who works at website.com. They use that template on other staff to figure out their email addresses. They then buy a similar looking domain, such as “wcbsite.com” or “wedsite.com”. Something anybody could mistake for the real thing. They add your colleague’s username and send you an email from jsmith@wedsite.com. It’s short and sweet, and the content fits John’s job description. Something as typical as, “Hey, can you validate these numbers for me?” with a link to a document.
All it takes is tricking the first unlucky employee or executive. Because once they have access to a real email account, it becomes a simple matter of sending an email to IT from a trusted source. Suddenly, the email addresses you thought were safe are compromised. Get in the habit of checking the sender’s full address, including the domain, on every message. Don’t open an attachment without confirming what it is for. Beware of vague emails that seem apropos of nothing.
Use your phone
If a colleague or employee sends you something without previously discussing it, whether it’s an email attachment, a link, or an IM, call them up. If it turns out to be legitimate, at least you now have this chance to discuss the content over the phone. When receiving anything even a little bit suspicious, give it a closer look. If you’re still unsure, always call first. Most email clients will filter out phishing attempts and scams that use well-documented tactics, but beyond that, you just have to maintain your skepticism.
When sharing passwords or sensitive information with a coworker, it is best to call over the phone or use an encrypted messaging service. However, if your company uses VoIP for its phone systems, be aware that while this technology has the potential for greater security applications, it is in its basic form more open to web-based security threats. Contact your VoIP service rep to discuss options for upgrading to a guarded version of their software and hardware.
Use distribution lists
One of the places that phishers get your professional or personal information is from your company’s website. Many organizations list their staff and contact info on high-level pages. This isn’t only open to the public; bots can also crawl sites for email addresses and phone numbers with ease. To circumvent this, some companies will post their contact information in an image file, which many bots can’t read, or they will spell out numbers or the special characters in email addresses. Alternatively, you can forgo using your named emails for external mail and instead create a distribution list. An address such as info@website.com can be set up to forward incoming mail to a list of relevant parties. Then, you place this in the footer of your website, creating an all-purpose listserv address to which customers or patrons can send inquiries.
Alternatively, you can give each department a single, shared address to use for external email with clients and partners. This leaves named email addresses for internal use only, ensuring that your email addresses for trading sensitive information are sequestered, and the public-facing emails only send and receive non-sensitive data. For instance, Beth Smith in Tech Support will now have bsmith@website.com for relations with colleagues but can use the shared support@website.com for messaging customers with technical issues. For a small company where many departments only contain a single employee, this option isn’t likely to be as cost-effective or as necessary as it is for a large organization.
Secure websites only
Some phishing scammers will take you to an unsafe space on the internet. Avoid HTTP websites if possible, and opt for HTTPS. The “S” means “secure.” Most browsers, like Chrome and Firefox, warn you of suspicious pages before allowing you access. Avoid any websites your browser recommends against. Use an ad-blocker – it doesn’t just stop you from seeing annoying ads, it also blocks harmful pop-ups which can get a stranglehold on your browser. Additionally, an anti-virus and anti-malware program will often come with a browser plugin so that it can review sites you’re visiting for harmful code.
While more rudimentary phishing scams will simply send you a link to a harmful page, some phishers have the know-how to build an authentic-looking Google account page. It looks like two-step verification. But unless the host name in the address (the part between “https://” and the first forward slash) is google.com or ends in “.google.com”, this is likely a scam. Be wary of such addresses. Don’t put in your information unless you’re sure that it’s Google or a subsidiary. The same goes for Microsoft, Mozilla, etc.
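The address check described above, written out as an added example that is not part of the original article. It shows why seeing "google.com" somewhere in a link is not enough: only the host name counts. The function name and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

def is_expected_site(url, expected_domain="google.com"):
    """True only for an HTTPS URL whose host is expected_domain or a subdomain of it."""
    # Reject backslashes and whitespace: browsers and urlsplit can read them
    # differently, so refuse the link rather than guess which host it means.
    if "\\" in url or any(c.isspace() for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    # Exact match, or a subdomain: the leading dot stops "evilgoogle.com" matching.
    return host == expected_domain or host.endswith("." + expected_domain)

# Constructed sample links; the non-Google hosts are placeholders.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",        # real host, HTTPS
    "http://accounts.google.com/signin",         # right host, but not HTTPS
    "https://google.com.login.example/signin",   # google.com is only a prefix
    "https://example.net/google.com/signin",     # google.com is only in the path
    "https://google.com@example.net/signin",     # google.com is only a username
    "https://evilgoogle.com/signin",             # different registered domain
]

def review(links=SAMPLE_LINKS):
    """Map each link to True (host is the expected site) or False."""
    return {link: is_expected_site(link) for link in links}

if __name__ == "__main__":
    for link, ok in review().items():
        print("OK     " if ok else "REJECT ", link)
```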
Anti-virus is not enough
Non-tech folks tend to install an anti-virus software and forget about it. You might be thinking that this is the end of your security concerns. Smooth sailing from here… Not even close! Anti-virus only protects you from viruses, and at that only the ones on which the software is up to date. First of all, make sure your anti-virus service provider is automatically updating the product with the latest virus definitions. Then, start looking at anti-malware, which will protect you and your computer from harmful or suspicious programs. Some anti-malware services will be packaged with a popular anti-virus. There are plenty of free versions of these programs, but some of them can themselves be malware. So, carefully read reviews. If possible, ask an IT professional. They may recommend an expensive product. It’s okay to shell out the big bucks for security, so long as it is well-reviewed and recommended by professionals.
If you have a shared server at your company and a private network, you may want to consider using a firewall to protect that network from intrusion from an outside source. In addition, whether you host your website on your own servers or in the cloud, there are many ways to safeguard access. Check with your hosting company and your CMS. Each will give you options for protecting your site from bots and hackers. Brute force attacks on a website are common. And sometimes getting into your site’s backend could give an intruder access to your mail server, the ultimate boon for a phisher. Set up security early, preferably before going live on your website or setting up your organization’s computers on the network.
It is also a good idea to invest in a secure content management system to keep your files and data safe. Most companies just store documents on each user’s computer in a rudimentary filing structure. The only thing barring an outside party from access is a single password. But an Enterprise Content Management solution like Contentverse has end-to-end encryption and permissions-based folder access. So that even if a phishing attempt successfully accessed your email, they’d have no way to access your company’s sensitive information. Bottom line – don’t get phished. But if you do, Contentverse has you covered.