Don’t be tricked into giving away confidential information
There have been many reports of cybercriminals calling a victim by telephone to request certain information, as well as access to confidential data or asset resources. This method at first glance may have you saying to yourself; “It could never happen, who would be fooled that easily?” The notion of someone calling you and randomly requesting information about you, your business, or anything else for that matter is not at all that hard to grasp. In fact, this may be the easiest and most effective way of gaining confidential information. If the cybercriminal calls out to one million people and they gain a small percentage of that, they will have completed their task and gained that which they have sought.
It can be fairly easy for these types of criminals to call and say that they are an employee or a client of your business. This is why it is very important to educate your staff and employees of who they should be talking to about such information; and if they are uncertain, who they should ask for clarification. Education is, when talking about IT security especially, the most effective way of being secure.
Being on your guard and being educated is only the beginning; we must also put into place a way to report and respond, quickly and effectively, anything that may be suspicious. You may ask yourself, “what should I deem as suspicious?”, and “is thissuspicious?” My answer is that we all have an instinctive nature that tells us whether or not something is right or wrong. Using this instinct, outside of anything you have been shown to recognize, is something that you should depend on to report such activity. If you think something is suspicious, it probably is.
Notice we haven’t discussed emails doing the same thing; this is because it falls under the category of Spam, which is a discussion for another day. I will mention that you can, and will most likely, get emails using the same method as I have noted above. Be on your guard for these as well, and report them to the proper authority.
Protect yourself, your employees and your company by establishing IT Security Compliance Procedures. These procedures will help prevent your company from accidentally being put in compromising positions. Look for our next Super Summer Security Suggestions discussion of do’s and don’ts in IT security, and please take care and stay safe.