How to Identify If an Email is a Security Risk
There’s one major reason why email is the preferred method of spreading threats like ransomware and other types of malicious software. The sheer number of messages that can be sent through email on its own increases the odds that a user will click on the wrong link or download the wrong attachment. How can you know the legitimacy of any message you receive in your email inbox?
Mobile Cybercrime Puts Your Business at Risk
The opening ceremonies of the Olympic games are always a spectacle, and the people of Pyeongchang County in the Republic of Korea didn’t disappoint. While the world watched, behind the scenes there was a cyberattack going on. The attack, carried out by Russian hackers, seemingly retaliating for a nationwide ban placed on their athletes at the games, paralyzed LAN and Wi-Fi communications, prevented tickets from being printed from the Olympics website, and took until 8 a.m. the following day to restore.
How to Identify If an Email is a Security Risk
There’s one major reason why email is the preferred method of spreading threats like ransomware and other types of malicious software. The sheer number of messages that can be sent through email on its own increases the odds that a user will click on the wrong link or download the wrong attachment. How can you know the legitimacy of any message you receive in your email inbox?
Mobile Cybercrime Puts Your Business at Risk
The opening ceremonies of the Olympic games are always a spectacle, and the people of Pyeongchang County in the Republic of Korea didn’t disappoint. While the world watched, behind the scenes there was a cyberattack going on. The attack, carried out by Russian hackers, seemingly retaliating for a nationwide ban placed on their athletes at the games, paralyzed LAN and Wi-Fi communications, prevented tickets from being printed from the Olympics website, and took until 8 a.m. the following day to restore.
How to Identify If an Email is a Security Risk
There’s one major reason why email is the preferred method of spreading threats like ransomware and other types of malicious software. The sheer number of messages that can be sent through email on its own increases the odds that a user will click on the wrong link or download the wrong attachment. How can you know the legitimacy of any message you receive in your email inbox?
It all starts by being aware of the issue at hand and staying vigilant of any potential threats. You should actively look for reasons not to click on links in suspicious emails. You can never be too careful, especially when there is so much on the line. Here are three warning signs that you can look for to avoid a malware attack via email.
Spelling and Grammar Errors
Nobody has perfect spelling and grammar, and it’s forgivable if they make a mistake here or there, but when an email is filled with errors that make it hard to believe its authenticity, perhaps you’re staring a red flag in the face. Professional messages will at least contain passable grammar that makes them easy to understand, but a malicious message might be filled with all sorts of nonsense that urges you to click on a link or download an attachment. Sometimes you might encounter a phishing email that’s very discreet, but this is more of an exception than the norm.
Links Leading to Suspicious or Unfamiliar Targets
Let’s say that you receive a message from your bank. When you hover over a link in the message, it shows that the link doesn’t lead to any site you’re familiar with. This is a clear indicator that you might be looking at a very well-orchestrated phishing scam. Before clicking on any link, just hover your cursor over it without clicking on it. In a bar at the bottom of your browser, you’ll see the target of the link. If it looks suspicious, you can easily disregard it or report it to IT.
Messages from Unknown Senders
Who did you receive the message from? If you know who sent the message, then perhaps the message is legitimate. However, it’s easy for hackers to spoof an email address and make it appear that someone else is sending a message. Remember, suspicion is better than falling into a trap. In a worst-case scenario, even a CEO or upper-level employee could have their account spoofed in a phishing or whaling scheme. If you suspect that this has happened, notify your IT department immediately so that measures can be taken against these efforts.
Thankfully, with a little bit of thought and caution, you can avoid most fraudulent emails, but it would be nicer if you didn’t have to worry about seeing these messages in the first place. An enterprise-level spam filter can keep fraudulent and spam messages at bay. To learn more, reach out to us at (317) 705-0333.
With Great Power Comes a Greater Security Risk, Study Finds
Every user on your network adds an additional level of risk, whether it be risk of user error, making a mistake that causes a data breach, or worse. One would assume that a company’s biggest risk would come from an untrained employee that disregards security policies, but surprisingly, that’s not always the case. Research has shown that a company’s CEO along with the rest of its C-level executives are the greatest security risk.
There are multiple factors that go into this. Take for instance the sheer amount of sensitive data that a CEO has access to. Whereas an average employee may just have access to data pertaining to their job or their department, a CEO generally has carte blanche to access any data they desire.
Then there’s the fact that CEOs typically have a poor work-life balance. This means that they put in way more hours than the average employee. You don’t have to be an expert in risk assessment to understand that a user accessing a company’s network 60, 70, or even 80 hours each week is a far greater risk than a user that only accesses the network 40 hours per week.
Both of these factors contribute to another reason why CEOs make for such a large security risk: the mobile devices they carry. In an effort to always be connected to the office, a CEO’s mobile device may have unfettered access to company records and sensitive information–more so than an average employee’s personal device.
In the case of an employee that has separate mobile devices for their work and personal life (often a luxury that CEOs can’t enjoy), the risk of data leakage or a breach resulting from the device getting lost or stolen goes down dramatically. Alternatively, CEOs aren’t restricted to the office and this mobility increases the risk of being hacked outside the office, especially when it comes to using their mobile devices in venues that offer public Wi-Fi, like coffee shops, cafés, conference centers, airports, etc. Hackers know this and they go to great lengths to make public Wi-Fi hotspots traps for unsuspecting users. This is why CEOs should be wary about accessing public Wi-Fi, and why it’s preferable that CEOs even avoid public Wi-Fi altogether (unless you are using a secure VPN to access all of your data).
A 2017 security report by iPass confirms this risk of cyber-attacks at popular Wi-Fi hotspots. The report ranks the riskiest public venues as follows.
- Coffee shops and cafés, 42 percent.
- Airports, 30 percent.
- Hotels, 16 percent.
- Exhibition centers, 7 percent.
- Airplanes, 4 percent.
How much time do your company’s C-level executives spend doing business from these locations? The more business that’s done using Wi-Fi at these locations, the more of a risk an executive or even a mobile employee is to your organization.
Finally, CEOs are in a category unto themselves when it comes to another risk: CEO whaling scams. This is where scammers spend time researching the lives and motivations of CEOs so they can specifically target them with scams from a variety of sources, including email, phone calls, traditional paper mailings, and whatever other means they can use to get in contact with a CEO. This is an extremely dangerous scam because, unlike traditional scams like spam messages where the same message gets sent to thousands of people (and it’s often easy to recognize that it’s a scam), a CEO whaling correspondence is personalized to play on a CEO’s deepest fears and desires. For the scammers that go after CEOs like this, the effort is worth the time investment, due to the simple fact that CEOs make for such lucrative targets.
So, there you have it. CEOs are one of a company’s biggest security risks. For your business, this means you’ve got to take additional measures to ensure the protection of your C-level executives. Generally speaking, the same security plan and policies that work for the average employee won’t cut it for an executive, which is something you need to take into account when coming up with your company’s security and BYOD policy. Need help protecting your company’s data? Give Catalyst Technology Group a call today at (317) 705-0333.