At almost every customer meeting, stakeholders are asking me what they should be considering for security protection. The typical sales guy may start rambling about Anti-Virus, Anti-Malware, Anti-Exploit and Firewalls, but for me, the first (immediate) action every corporation needs to take is training employees on how to discern “malicious” from “non-malicious”. Companies of all shapes and sizes need to have all end users regularly trained on how to identify potentially malicious emails, pop-ups, links, etc. In fact, Employee Awareness Training should be used when onboarding new employees too.
- Email – One of the most common methods of attack, and one where employees are easily confused. Emails ranging from the classic “UPS package delivery” email to the more recent domain-spoofing emails that request confidential information are filling today’s inboxes.
- Web Browsing – Another very common method of attack. Attackers consistently use pop-up ads with messages such as “Your computer is infected with x virus” or “Speed up your computer with this software”. You may think, “Who will fall for that?” The truth is that many people do unless they are informed.
- Phone Calls – Attackers are starting to use impersonation through phone calls, a technique known as Social Engineering. One example is an attacker calling into an organization, impersonating Microsoft, saying there is a problem with the organization's Windows or Office application, and asking for remote access to the computer to “fix” the problem. This gives the attacker the keys to the kingdom, and the attacker can then hold files hostage until a sum of money is provided.
The security landscape is changing daily and becoming more and more sophisticated. Help your organization and your employees by making Employee Awareness Training an immediate priority in your strategic plan to protect your organization from malware.
Remember: your employees are your first line of defense. The Walker Group can help!