Information Security Essentials
Information Security Essentials for Work and Home
Don’t get tripped up by cyberhackers and scammers. “You are the shield,” says Gary Sheehan, the Information Security Director at Elon University. Cyber attackers target not only big businesses but also individuals. Threats impact our personal privacy and business data and information. It is important to understand the potential cyber dangers that could negatively impact your personal and business information, resulting in a decrease in profit and overall security. See the definitions below to familiarize yourself with the tactics of attackers!
Malware: Malicious software. Computer software that interferes with normal computer functions or sends personal data about the user to unauthorized parties over the Internet. Malware comes in many forms and flavors. It is often used to propagate a phishing attack, but a phishing attack can occur without a malware infection.
Ransomware: Malware that holds the data of a computer user for ransom typically by encrypting the data on the receiver’s machine.
Phishing: The act of sending an email that falsely claims to be from a legitimate organization seeking personal information from the receiver. Almost 50% of phishing attacks result in account compromise and/or identity theft. There are over 2 million domains tied to phishing accounts, and they are dedicated to helping others spam your account. Most phishing attacks share common characteristics. As of 2020, phishing is by far the most common attack, and these attacks have become even more sophisticated.
Form phishing exploits the ongoing uncertainty about the company’s policies. The attacker uses emails that appear to come from the leadership team and require people to take action, like “make an immediate payment.” Once the victim reacts and clicks on the link, the link displays a Microsoft login page and asks for the victim’s credentials. The attacker crafts a webpage that asks the victim to accept the terms of the access, but accepting gives the attacker the capability to bypass existing security controls. It gives access to the victim’s emails, calendar, and SharePoint files. We need to be on our toes to spot and prevent these phishing schemes!
Ask yourself:
Has this assistance program been officially announced?
Do we have this support system?
Is there an official company signature line?
If not, just delete the email. “When in doubt, throw it out!” Don’t click on the unsubscribe link, because it will subscribe you to other phishing emails on the backend. Instead, tell Outlook, or the platform provider, to block the sender in the future.
Smishing uses cell phone texts to deliver the bait. The hook in the text may be a link to a website or something that demands the target’s immediate attention, like “You have been selected for a free $1,000 Best Buy gift card. Reply yes to claim your prize.” You are usually prodded to provide your data. The URL may not be fully displayed, so it can be hard to identify fakes. The cell phone numbers can be spoofed to make them look real, yet they are salespeople using false numbers.
Vishing: Voicemail phishing that uses voice over IP. Attackers play automated recordings that make a false claim about identity theft, which prompts the targets to call the attacker and enter sensitive information, or connects them to a live person who uses social engineering to gain information. Attackers prey on more vulnerable populations, like the elderly.
Social media is also used as a phishing tool. Fake news is used to provoke outrage and motivate people to click a link that directs them to a page that suggests they have a virus and should click a link to get rid of it.
Spam: Unsolicited messages (such as e-mails, text messages, or internet postings) sent to many people or posted in multiple places. Spam is typically used to promote access to other products. There are generally legitimate companies behind the spam, but pitch the spam to the trash anyway. Block the domain, the network, or the number.
Cybersecurity: Its meaning can be different depending on who is using it. It is an extension of our controls to protect the data and information that is beyond our private network. Our private network expands as we connect with other devices, people, wireless devices, business partners, and service providers.
In reality, we are quickly moving towards not having a private network, says Gary Sheehan. Everything we do will include cybersecurity. “Share with care!” To minimize infections and malware and to maintain a culture of collaboration and open sharing, we need to take action by making our workplace a safer place to communicate, collaborate and innovate. Consider these steps to safeguard your business, employees, and family members.
Implement security awareness programs. Security Awareness involves designing yearly campaigns to communicate to your constituents with security and compliance videos.
For example:
Email reminders and presentations to learn more
Orientation welcome letters with cybersecurity information
Look into information security alert systems (opt-in service)
Device Security
Allow personal devices to auto-update. This ensures the device remains current and limits exposure to exploits and vulnerabilities.
The best way to protect your data is to back it up, both personal and professional, especially as ransomware becomes more prevalent.
Protecting your email
Use system and email controls.
Junk email: check it often.
Be careful when opening emails on a mobile device, as it is more difficult to spot spoofs.
Configure privacy settings
Your home router is the primary protection you have against most Internet threats. It is designed to keep hackers from reaching directly into your home network.
Look into Identity Theft Protection Services
Identity Defense
MyFICO
LifeLock
Experian
IDShield
IdentityForce
IDWatchDog
Intelius
Identity Protect
Cost: Anywhere from $7 to $30 a month. Consider the following:
What are the levels of service?
How much insurance do they offer?
What kind of reports and notifications do they provide?
What do they monitor to get the information?
Do they provide any safe browsing tools?
Cybersecurity is becoming increasingly integral in running businesses, and generally living life. Take the right precautions to preserve your security by continuing to research the best practices and services to aid you in guarding your data!
Chandler Vaughan, Project Manager, EYOS Fellow