Director of Security, AaDya Security
It’s no secret that our collective online activity has increased exponentially in 2020. Everyone works, shops and hosts virtual happy hours from home. This connectivity has allowed us to stay productive at work and connected with coworkers, family and friends, and there’s no sign of it slowing down any time soon.
With that increased activity comes an increase in threats, many in the form of phishing attacks or scams that use social engineering. These commonly used methods are designed to get you to click on a link, perform an action, or provide information that could put both you and your company at risk.
In addition to having the right tools in place, such as good anti-virus protection and strong passwords, you need to remain vigilant. Now that we are ramping up our year-end obligations at work, the busy holiday shopping season is under way, and the cold weather is driving us back indoors to socialize virtually, we want to remind you to keep CAUTION in mind when you’re online.
C - Compassion or Curiosity: As human beings, we are naturally curious. Attackers understand this better than anyone and will leverage that to get you to click on a link or to engage with them. For example, “You won’t believe what these celebrities are doing now! Click here to find out.” So as much as you want to see your favorite celebrity doing something outrageous, think before you click.
A - Aggression or Authority: Attackers are known to use aggressive techniques, often in combination with posing as an authority figure. For example, someone from a government agency calls to say if you don’t contact them immediately with your social security number, you could face penalties. If you want to make sure, we recommend you take a moment to find the legitimate contact information for whatever authority they are claiming to be, and follow up to confirm whether or not it’s true.
U - Urgency: Attackers will instill a sense of urgency to get you to act fast, hoping you won’t take the time to stop and think or double-check whether the request is valid. One of the most common forms of this in the workplace is an urgent request from your boss to wire money or to share your cell phone number.
T - Too good to be true: There’s a reason this cliche has been around so long. Simply put, attractive offers are appealing and they often work. If you receive an offer that seems too good to be true, it likely is. As always, do not give out your information or agree to anything without doing your homework first.
I - Information request: Attackers can employ many techniques to get you to give them information that they can then use against you or your company. Whether they’re asking for personal details, or proprietary company or customer information, don’t provide anything to anyone unless you are absolutely certain it’s a legitimate request.
O - Offers of gifts or money: This goes along with “It’s too good to be true.” Attackers often use offers of gifts or money as a tactic to get you to click on a malicious link or provide them with sensitive information.
N - Not quite routine: Attackers understand that people are more vulnerable when they go outside of their regular routines or established processes. For example, someone reaches out to you via non-work-related social media to gain information about the inner workings of your business. You might be more willing to provide information when your guard is down and you’re not in “work mode.”
While you alone can’t prevent every attack, following the simple rules of CAUTION can greatly reduce the risk of you or your company being compromised. To help, we've created this simple reminder that you can download and print to keep displayed near your workspace. Feel free to share with your colleagues, friends and family to help them stay cyber safe!