News | Oct. 8, 2017

Cybersecurity in the Workplace is Everyone’s Business

By Eric Ignash DLA CERT

With recent hurricanes, wildfires and earthquakes, there is no downtime from adversaries when donations are sent for relief work due to a natural disaster. Adversaries will design malicious emails that are used in social engineering attacks. The emails, also known as phishing attacks, are a form of social engineering.

What exactly is a social engineering attack? This variety of attack is based on human interaction to obtain or compromise information from an organization or its network. The attacker would seem legitimate or unaware of a process and request assistance. When asking questions, the attacker may be able to gather enough information to access an organization’s network either physically or remotely.

What is a phishing attack? Phishing is a method of social engineering. Phishing attacks utilize email and/or malicious websites to solicit personal information while acting as a trustworthy organization. Phishing attacks could be disguised to come from many other types of organizations. Depending on the event or time of year, different themes of phishing attacks are based on natural disasters, political events, holidays, health and viral incidents, etc.

Recently, there have been themed phishing campaigns designed for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey and Hurricane Irma. Organizations are recommended to exercise caution in handling any email subjects, attachments, hyperlinks or social media related to hurricane relief. Themed emails often contain links or attachments that once clicked will redirect users to credential harvesting or a malware-compromised website.

Cyber security stats for the workplaceWhat can you do to protect yourself?

  • Be vigilant of unsolicited phone calls, visits, or emails from individuals asking about your organization’s internal information.
  • Don’t provide personal or financial information or organizational information such as the network layout unless you’re able to confirm the individual.
  • Review the URL of a website. Malicious websites often contain spelling errors or a different domain (.com vs .org).

Can email be dangerous?

  • Email is easily distributed. Forwarding email is the simplest way that a virus can quickly infect many machines.
  • Email programs streamline users needs. Email clients support almost any type of file that can be attached to an email message.
  • Keep software up to date. This will deter attackers so that they can’t take advantage of known vulnerabilities.

How can I safely donate to a charity?

  • Donate to charities you know and trust with a proven history.
  • Don’t assume that charity messages posted on social media are legitimate.
  • Be watchful for charities created during a current event. Check out the charity with the Better Business Bureau (BBB), Wise Giving Alliance, Charity Navigator, Charity Watch or GuideStar.
  • In Ohio, a charity or fundraiser must be registered and verified through the National Association of State Charity Officials.

References: