Best Practices & Warning Signs of Suspicious Behavior
Introduction
At CARIRI, protecting sensitive information and ensuring the integrity of our digital systems is paramount. As we handle confidential data and rely on advanced technologies, adhering to cybersecurity best practices is crucial for minimizing cyber threats. This article provides an overview of safe practices for Passwords and Emails and how to recognize suspicious behaviour that could indicate potential security risks.
Safe Practices in Cybersecurity - Passwords and Emails
Use Strong, Unique Passwords
- Guideline: You must use complex passwords consisting of upper- and lower-case letters, numbers, and symbols. Passwords should be unique for each system or application.
- Why: To safeguard against brute-force attacks and credential theft.
- Key Practices:
- Avoid reusing passwords across multiple systems.
- Change passwords every 90 days or immediately after a suspected breach.
- Use approved password managers to store and generate secure passwords.
Email Security
- Guideline: You must exercise caution when receiving emails from external sources. Email attachments from unknown senders are prohibited from being opened without prior verification.
- Why: Phishing remains a top cyber threat; malicious emails often trick you into revealing sensitive information.
- Key Practices:
- Phishing (pronounced: fishing) is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information – such as credit card numbers, bank information, or passwords – on websites that pretend to be legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website.
- Phishing is a popular form of cybercrime because of how effective it is. Cybercriminals have been successful using emails, text messages, and direct messages on social media or in video games, to get people to respond with their personal information. The best defense is awareness and knowing what to look for.
Here are some ways to recognize a phishing email:
Urgent call to action or threats – Be suspicious of emails and messages that claim you must click, call, or open an attachment immediately. Often, they’ll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won’t think about it too much or consult with a trusted advisor who may warn you.
Tip: Whenever you see a message calling for immediate action take a moment, pause, and look carefully at the message. Are you sure it’s real? Slow down and be safe.
First time, infrequent senders, or senders marked [External] – While it’s not unusual to receive an email or message from someone for the first time, especially if they are outside your organization, this can be a sign of phishing. Slow down and take extra care at these times. When you get an email or a message from somebody you don’t recognize or a new sender, take a moment to examine it extra carefully using some of the measures below.
Spelling and bad grammar – Professional companies and organizations usually have an editorial and writing staff to make sure customers get high-quality, professional content. If an email message has obvious spelling or grammatical errors, it might be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they’re deliberate in an attempt to evade filters that try to block these attacks.
Generic greetings – An organization that works with you should know your name and these days it’s easy to personalize an email. If the email starts with a generic “Dear sir or madam” that’s a warning sign that it might not really be your bank or shopping site.
Mismatched email domains – If the email claims to be from a reputable company, like Microsoft or your bank or CARIRI, but the email is being sent from another email domain like googleassistance.ru, or microsoftsupport.ru it’s probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name. Like micros0ft.com/go0gle.com where the second “o” has been replaced by a 0, or or rnicrosoft.com, where the “m” has been replaced by an “r” and a “n”. These are common tricks of scammers.
Suspicious links or unexpected attachments – If you suspect that an email message is a scam, don’t open any links or attachments that you see. Instead, hover your mouse over, but don’t click the link. Look at the address that pops up when you hover over the link. Ask yourself if that address matches the link that was typed in the message. In the following example, resting the mouse over the link reveals the real web address in the box with the yellow background. The string of numbers looks nothing like the company’s web address.
Tip: On Android long-press the link to get a properties page that will reveal the true destination of the link. On iOS do what Apple calls a “Light, long-press”.
Cybercriminals can also tempt you to visit fake websites with other methods, such as text messages or phone calls. If you’re feeling threatened or being pressured, it may be time to hang up, find the phone number of the establishment and call back when your head is clear. Sophisticated cybercriminals set up call centers to automatically dial or text numbers for potential targets. These messages will often include prompts to get you to enter a PIN number or some other type of personal information.
Conclusion:
Adhering to cybersecurity best practices is crucial to maintaining the security of your organization operations and protecting your clients and sensitive data. By using strong passwords and being vigilant against phishing, and suspicious behavior, you can greatly reduce the risk of cyber incidents. Everyone plays a vital role in this process, and quick action in reporting potential threats can help mitigate damage and keep your organization secure.