Stories and Resources to Share
One thing espoused often is that everyone is connected online. We clearly felt this after the Equifax data breach. A credit bureau holding highly sensitive personally identifiable information on every American with a credit record (without their consent due to the way credit works) had that information stolen. Suddenly, a single cyber security mishap put 143 million Americans at risk of identity theft.
Read more about it in our post: The Equifax Breach and You.
What can one person do to make a difference? First, recognize that information has value to someone.
At work, this can include:
- Network access such as your work account login
- Information on customers or employees, which can be used in identity theft (such as birthdates, addresses, SSNs)
- Health insurance coverage, which can be used in medical claims fraud
At home, this can include:
- Personal email account login, which provides access to almost all of your other accounts
- Bank account login
- Credit cards
- Tax return filing site login, which can be used to change bank routing information or commit tax refund fraud
- Social network account login, which allows a scammer to spread their scams by spamming your contacts
Second, learn how to properly handle information. This includes evaluating every place you read, download, store, send, or share data. Are you conforming to company/department guidance? These rules are in place to protect information. Earlier this year, a Boeing employee sent a spreadsheet containing sensitive employee data to his wife’s personal email so she could assist with formatting. This action, which violated company rules on proper transmission and storage of sensitive data, compromised 36,000 employees’ personally identifiable information.
Next, learn how to recognize social engineering attempts that may occur over email, social media, text messages, phone, or even in-person. It may go against your helpful nature, but employ some skepticism! Today’s scams are putting people at risk of tax refund fraud and financial losses. In 2016, the IRS issued an alert to HR/Payroll professionals stating W-2 phishing scams were on the rise. These scams affect industries across public and private sectors, but can be thwarted by issuing and enforcing rules that require every employee to verify urgent requests for valuable/private information (such as W-2s and wire transfers) through an independent, trusted contact method.
Below are two resources on phishing (a popular and highly successful scam that involves impersonating a trusted person/brand in order to trick the victim into divulging sensitive information). Share these with friends and colleagues to spread cyber awareness!
- Learn to inspect FROM addresses and verify requests for private or valuable information
- Learn to look at the URL bar before using any kind of online form