Threat-aware employees are the first line of defense against cyber intrusions. Too often, that defense needs strengthening. 70% of phishing emails were delivered to their targets, and 7% of recipients clicked on the malicious link. As has been proven time and time again, it only takes one. One click, one missing endpoint agent, one failed alert, one unsuspecting employee, and the adversary can proclaim victory over your network.

Heightened awareness can be a powerful antidote. To protect against a social engineering attack, coach all employees to take these precautions, particularly on their mobile devices.

  1. Be skeptical of emails from unknown senders or familiar people (like your company’s CEO or your doctor) who do not usually communicate directly with you.
  2. Don’t click on links or open attachments from those senders.
  3. Don’t forward suspicious emails to co-workers.
  4. Examine the sender’s email address to make sure it comes from a genuine account. Hover over links and over the “to” and “from” fields to expose the associated web and email addresses; look for slight character changes that make an address appear visually accurate, such as a .com domain where it should be .gov.
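
The look-alike check in item 4 can also be run automatically over reported or inbound mail. The following Python code is an added example, not part of the original article; the trusted-domain list, the function names and the verdict strings are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption); replace with the domains you really use.
TRUSTED_DOMAINS = {"example.gov", "example-corp.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'unknown' or a 'lookalike:<reason>' verdict."""
    # Use the real address, not the display name, which the sender controls.
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    # Non-ASCII or punycode labels can render like a trusted name.
    if not domain.isascii() or domain.startswith("xn--") or ".xn--" in domain:
        return "lookalike:non-ascii-or-punycode"
    name = domain.rpartition(".")[0]
    for good in sorted(trusted):
        # Same name under a different top-level domain (.com instead of .gov).
        if name == good.rpartition(".")[0]:
            return f"lookalike:tld-swap-of-{good}"
        # One or two characters away from a trusted domain.
        if edit_distance(domain, good) <= 2:
            return f"lookalike:near-{good}"
    return "unknown"
```

A `lookalike` verdict is a reason to quarantine or escalate the message for review; an `unknown` verdict only means the domain is neither on the list nor close to it.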

Employers as well as employees can follow the practices below for better cybersecurity hygiene.

Make sure they’re using strong passwords. That means a combination of uppercase and lowercase letters, numbers and special characters. Your employees also should change their passwords regularly and never share them with anyone. 

Protect private information. Everyone should understand this, but lapses happen. Remind your employees that they should disclose private information only when necessary and always verify the source if asked to input sensitive data for a website or email.

Don’t open suspicious links and emails. An indication that a site is safe is if the URL begins with https://. Train your employees to hover their computer mouse over any links in the email to see the full URL before clicking on them. If something doesn’t look right, they should alert your IT department. 

Scan all external devices. We’re talking about USB flash drives especially, an all-too-easy way for hackers to contaminate your systems with viruses or malware that enables them to steal information or even crash your system. 

Remind employees that public Wi-Fi networks can be dangerous. Today, our smartphones hold much more than contact names or numbers. Hackers trolling airports and coffee shops can gain access to everything from emails to proprietary company data stored on your employees’ smartphones or tablets. Employees should choose the most secure option, even if you have to pay for it.

Protect company data and financial assets. Don’t put confidential information in email, instant or text messages. For the most sensitive transactions (recurring payments, payroll, and the like), an encrypted server is best.

Understand the risks of social media networks. Ideally, employees should set their social network profiles to private. Remind them that revealing any trade secrets, confidential or client information online is prohibited, even in a private forum, whether as a post, snap, reel or message.

Use only authorized software. Installing unauthorized software on a computer system, workstation or network server can lead to potential viruses, system degradation or even system failures. Employees should know that only software authorized by your company may be purchased, installed or used on company-issued computers. 

Watch for phishing scams and social engineering fraud. Employees, especially those close to the upper ranks in your organization, make great targets for phishing scams and what’s known as social engineering fraud. These scams can lead to unauthorized transfers of money or fake purchase orders. Put a system in place to confirm POs sent in by email or wire transfer requests. An easy solution? Pick up the phone to call the individual who sent the request to make sure everything’s on the up and up. 

Everyone needs to understand their own responsibility, which each person must take care of both from the perspective of the organization and from the perspective of personal hygiene.