Cyber Safety
begins with you
If you're wondering how to begin precautionary measures for cyber safety, begin with training your staff.
This truly is the best place to start because training employees on cyber safety:
1. provides examples on how to identify cyber crimes
2. establishes an action plan for all employees to follow
3. creates awareness and sense of urgency by explaining the seriousness of cyber crimes and their crippling effects
4. empowers and encourages employees to report suspicious calls, emails or incidences to a supervisor, IT management and/or human resources immediately
5. Knowledge is power, and trained, aware employees are your best team of protection against cyber attacks.
Email Example
Sally receives an email from what looks like her supervisor. The email has her supervisor's name and looks like it is a real email.
The supervisor says she is working from home today, but doesn't have her work computer. She is having trouble accessing the tax files on a specific list of employees. She is requesting the information be sent to her personal email.
Sally knows her supervisor is traveling but is never without her work computer. And, after clicking on the email address, an unfamiliar email address popped up.
What should Sally do?
Sally should report this incident to a manager and/or IT immediately, as there is a likely chance, it's a phishing email. Never provide secure information via a non-secure application. If you have any questions, ask a supervisor.
Hackers are smart and have a variety of ways to research, mimic co-workers or company logos, then wreck havoc on systems where untrained employees haven't been made aware of cyber safety.
Phone Example
Tom is at work finishing a report, when he receives a call on his cell phone.
The caller claims Tom has an outstanding, overdue tax bill of a specific amount, which must be paid immediately. Tom is asked to provide payment information to settle this debt now.
Tom claims his taxes are all paid, and he will have to do some further checking into this matter.
The caller claims Tom will be arrested within 24 hours by the police, if he does not take care of this debt right now. Tom said, let me do some checking and talk to my supervisor. And, the caller hung up.
What should Tom do?
Tom should report this to a supervisor and/or IT immediately.
Never give out any information over the phone, and if you have any questions or suspicions about a phone query, contact your supervisor.
1-on-1 Example
Jane is from MO, and she is attending a company trade show in Atlanta, GA. She encounters many people during that week, including employees from other locations, clients and potential new customers.
She began having a conversation with an individual, who claimed to be an IT resource. He began asking Jane about what systems they use and details about its security. Some of the questions she couldn't answer, and the person was using IT lingo, possibly to fit what he claimed he did professionally. Some of the questions he asked Jane made her think and question her information and knowledge.
What should Jane do?
Jane should report this to a supervisor. This way a supervisor or IT staff member can research and identify the credentials of this individual, who was seeking sensitive information about the company's operating systems and beyond.
Never give out any systems or security information. And if you have questions or suspicions, ask a supervisor.
Computer
Example
Carla and Cole are on a work retreat. Cole is at the pool relaxing, and Carla is finishing up last minute business emails on her work computer. She notices Cole has two more security items he must complete within the hour, so she goes to the pool to notify Cole.
He tells Carla, his work computer is up in the room, and he doesn't want to go and get it. He will just send from his personal computer. Carla said, "Cole, you know the company policy and should avoid sending or receiving anything business related on your personal computer." Cole said, "One time won't hurt." Carla said, "You don't know that for sure." Carla said, "C'mon, I'll help you, so it gets done in time and on a company computer." Cole complied.
Secure business information should ALWAYS be sent from a work computer set up by your IT resource staff.
Train your staff. Encourage and empower them to report suspicious incidences, whether they are a phone call, email, 1-on-1 or computer related.
Cyber safety begins with you.