The use of computers and email has become commonplace in the workplace. However, along with the benefits and convenience that these systems offer, they come with their own set of risks. Cyber attacks are common, employing different types of malware to steal data, damage systems, or extort money from companies or users. How do we guard against these threats? It’s not just about having technological safeguards such as firewalls and antivirus software, and security policies implemented in your workplace. It is just as important to make sure that your employees are aware of the threats, and how to recognize and avoid them.
A significant number of the online threats that users are exposed to come through email. Because of this, it is important that your employees know how to recognize malicious emails and how to handle them. Here are a few tips on how to recognize and deal with these types of emails:
Be suspicious of links in emails.
Hover over the link to make sure that it is linking to a safe domain.
It is a pretty good danger sign if the address displayed when you hover over the link is different from the one in the body of the email.
Check the website address to make sure it is spelled correctly. Attackers sometimes make use of domains that are close to a legitimate website but not exactly right (for example, g00gle.ca vs. google.ca). This is to make you think it is a real website if you don’t look too closely at it.
Be wary of email attachments.
Look at the file extension to see what type of file it is. Common types are “.doc” for Word documents, “.xls” for Excel, or “.pdf” for PDF files.
Take extra care if the attachment has a file extension associated with an executable file (a type of file that will run when opened). An example of an executable file extension would be “.exe”.
Malicious code can be embedded in other types of files, such as Excel, Word, or PDF. Typically, this code will not be able to run on its own and will require you to perform some extra steps. Be wary of following extra instructions when downloading attachments in emails.
Look at the email body for suspicious behaviour.
Spelling and grammar mistakes happen to all of us. However, if you see an email that is full of these, it is a danger sign.
Odd salutations such as “Valued Customer” or “Important Client” should tip you off, especially if the email comes from someone that would otherwise use your name.
Be wary of requests for sensitive information. Reputable companies will not ask for this via email.
Be cautious of emails that have some implied urgency. This might take the form of threats to lock a bank account, for example. This is a scare tactic to try to convince you to reply and provide sensitive information where you otherwise might not.
Do not open emails from untrusted sources. Many of the spam emails we receive are just advertising, but it is better safe than sorry. Attackers will often try to disguise emails so that they seem to come from reputable companies.
Never reply to spam emails. This informs the attacker that your email address is being used and makes you a better target.
If you are suspicious of an email that you received from someone that you know, verify that the email came from them by contacting them using a different form of communication (such as calling or messaging).
The dangers posed by malware are a very real risk, and emails are a weak point in our defenses. But by keeping your employees knowledgeable and up to date on security threats, you can mitigate this risk in your workplace.