Monday, October 23, 2017

IT Security - Email Security Awareness

A colleague requested that we should have some form of IT security awareness program. So to kick start it, the first article of this topic will centered around Email Security.

Security Awareness

Security awareness is nothing but a knowledge of potential threats. Its an advantage of knowing what type of threats / security issues and number of incidents, our organization may face in day-to-day operation. It's not possible to ensure 100% security through technology, unless staffs are provided with adequate information security awareness. Personal responsibility are the key of success of any information security program.

Why Information Security

Information is a valuable asset for all kinds of business. More and more information related crimes happen. Information leakage, damage will impact business. With regards to online information, the Internet allows an attacker to attack from anywhere. Malicious code from an email, a web page or a file in USB, can infect the entire organization. A breach is often the result of a simple mistake (or lack of awareness).


Rules to Stay Safe Online


  • Rule #1. Stop, Look, Think!. Use that delete key.
  • Rule #2. Do I spot a Red Flag? Verify suspicious email with the sender via a different medium (e.g personal call, messaging).
  • Rule #3. When in doubt, throw it out.


End User Email Security Best Practices 

There are also some important best practices that end users should follow to ensure secure email usage. Arming your employees with the know-how to avoid risky behaviors can make a substantial impact on your company’s ability to reduce risks associated with email. Email security best practices for end users/employees include:


  • Never open attachments or click on links in email messages from unknown senders.
  • Change passwords often and use best practices for creating strong passwords.
  • Never share passwords with anyone, including co-workers.
  • Try to send as little sensitive information as possible via email, and send sensitive information only to recipients who require it.
  • Use spam filters and anti-virus software. We know that you're busy but if a technician from Pasti Nyala came over to perform routine maintenance, do allow them to do their job.
  • If you received some suspicious emails from your co-worker, do verify with them. This will alert they of possible breach of their email account. 
  • When working remotely or on a personal device, use VPN software to access corporate email.
  • Avoid accessing company email from public wi-fi connections.


Countermeasures

Countermeasures can take the form of software, hardware and modes of behavior. Behavioral countermeasures include:

  • frequent deletion of stored cookies and temporary files from Web browsers
  • regular scanning for viruses and other malware
  • regular installation of updates and patches for operating systems. Let Pasti Nyala technician handle this for you.
  • refusing to click on links that appear within e-mail messages
  • refraining from opening e-mail messages and attachments from unknown senders
  • staying away from questionable Web sites
  • regularly backing up data on external media.


Email Jargons

Spam email or Junk email is a form of commercial advertising which is economically viable because email is a very cost-effective medium for the sender. If just a fraction of the recipients of a spam message purchase the advertised product, the spammers are making money and the spam problem is perpetuated.

Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as bank account numbers, credit card numbers, or your login IDs and passwords. Scammers use your information to steal your money or your identity or both.

Scammers also use phishing emails to get access to your computer or network then they install programs like ransomware that can lock you out of important files on your computer.


Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies. Or they pretend to be a friend or family member.

















GMAIL - Last Account Activity

If you are a user of GMAIL, open your mail box and scroll to the bottom of your mail box. On the right side, there is an information on your Last Account Activity. Click Details to show your historical access to your mail box. Perform this task occasional and report an incident if you noticed something abnormal about your activities, as someone else might be trying to hijack your email account.





















Lastly, do report any abnormality or incident to our IT Support or email direct to RWS so we can investigate and perform corrective measure.




1 comment:

  1. Additional Note, if you receive any email from bank, lhdn, look like their email.
    If those email, not end up with gov.my, .com (usually), those are spam. Never open, delete it immediately.

    Remember, dont reply to those email.

    ReplyDelete