Cyber threats occupy matrixed attack vectors across numerous organizational assets, making it vital to have a layered security program that implements physical, technical, and administrative controls.
Phishing and smishing, social engineering attacks delivered through email and SMS text messages, respectively, are the most frequent threats impacting organizations today.
The increased use of personal devices stemming from unexpected work-from-home environments, coupled with national economic and political volatility, have dramatically increased the success rate of social engineering attacks.
The general rule of never clicking a link or opening a file enclosed in a message before validating the sender remains the foundational principal of a strong defense.
Always double check before interacting with digital media, and report phishing messages in accordance with your organization’s security policies.
Vishing—deception over the phone to gain sensitive information—is a tactic used by many bad actors to get nonpublic information from a person or organization. If you receive an unsuspecting call, never give out any personally identifiable information.
The same rules that apply for phishing and smishing also apply for vishing: verify the phone call before giving away any information about yourself. Bad actors will use any information possible to compromise a person or organization for malicious purposes.
Let’s get technical
Ransomware and malware may be out of the hands of the average employee at an organization, but there are still ways to detect if a virus has infected your device without deep information technology (IT) expertise.
If your computer has excessive pop-ups or is running unusually slow, you may have a form of malware on your computer.
Malware is primarily delivered through phishing attacks. If you suspect your company device may be infected, inform your IT department immediately so they may take the appropriate steps to contain and mitigate the event.
Work-from-home environments expose new vulnerabilities employees need to be aware of, including family members, neighbors, home break-ins, and at-home wireless networks.
Allowing family members or other people you live with to use your work devices could be potentially damaging to your organization. There is the chance that person could affect sensitive information you have on your computer, even if by accident.
In this case, it is best to use your work devices for work only and not let family members, roommates, or anyone else use them.
Remember, if you can hear your neighbors through the walls, they can also hear you. If you are discussing sensitive information, be aware of how loud you are talking and who could potentially hear you.
Also, keep your devices physically secure: routers, switches, IoT devices, personal computers, smartphones, and more. You can never be too safe, so take extra precautions such as locking away your devices to prevent theft and never leaving work devices in your vehicle.
In the rare case that you must, store the devices in a locked case and ensure it is hidden from view. Doing so may not prevent a thief from taking the case, but the lock presents one more layer of defense against cybercrime.
An often overlooked vulnerability is your at-home wireless network. If a bad actor can access your Wi-Fi, there are many tools they could use to spy on your internet traffic.
Thankfully, most wireless routers come with management apps and controls that can help protect your information. To prevent at-home Wi-Fi attacks, make sure your network is password protected, and turn on notifications so you are alerted when there is unusual activity on your network.
Credit Union Magazine’s Fall 2022 issue highlights credit unions’ role in cryptocurrency, the state of digital assets, cannabis banking compliance, the human side of technology implementation, and involving the board in financial discussions.
