Training Your Staff to Recognize Threats

The best thing a business or employee can do to prevent social engineering and other forms of cyberattacks is to be aware! Establishing a security awareness program is a good goal to work toward.

Unfortunately, what tends to happen is companies only perform security awareness training as an annual requirement to satisfy compliance. However, that cannot be the only time you are educating staff.

We know the power of training — empowering — your own staff to be on the lookout for cybersecurity threats and stop them before they start.

Here are some basic recommendations all businesses should be following:

• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
• Do not reveal financial information in email, and do not respond to email solicitations for this information. This includes the following links sent in email.
• Do not send sensitive information over the Internet before checking a website’s security. 
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
• Verify The Company Contacting You. If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
• Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.