People are spending a lot more time online in the workplace, and a working internet connection is crucial for them to get the job done. However, the internet has become an area that can also pose some danger to a workplace and its employees. Because while people often fall prey to scams and malicious attackers in their personal lives, they don’t think that the same can happen in the workplace. However, quite the opposite is true. While most companies invest in some form of cybersecurity, like a firewall and antivirus software, many often tend to forget about their employees.
It’s vital to establish cybersecurity rules in the office and train employees to know what dangers to look out for. Much like other potential dangers in the workplace, cyber threats have to be highlighted and discussed at length with staff. At least, if the company wants to protect its intellectual property and business assets.
Some of the Most Common Online Scams Employees Fall Prey to
Phishing email scams are one of the biggest online threats to companies, according to a recent report by F-Secure. Phishing works because it tricks the person into thinking that they’ve received communication from an official source. There’s also usually a sense of urgency involved in the message that makes people hastily follow the instructions without thinking things through. After the email or social media message has been opened, the scammer will always provide a link to a fake website that looks like a real one.
The goal of this scam is to get the person to fill in their real passwords and credentials on the fake website. As soon as people do that, the scammers may have access to all sorts of sensitive data.
Greeting card scams
In all companies, there are employees who love to send around cute cat pictures or other equally cute messages. So some people might not think twice before opening an online greeting card that’s been sent to them by a ‘coworker’. Especially around the holidays. Unfortunately, though, this is a popular tactic for scammers to install malware on people’s computers. This malware will then work in the background to gather sensitive data like client records, passwords, and financial information. All of this info then gets sent to a remote server.
Tech support scams
Tech support scams are one of the oldest tricks in the scammer’s book, but people keep falling for them. The problem is, people are usually not clued up enough with technology to realize that they’re being lied to.
A tech support scam starts with a phone call from an ‘expert’ at a tech support company. The expert will tell the person that their computer has been hacked and use all sorts of fancy technical language to confuse them. Usually, the scammer tries to get the person to either give them remote access to their computer (so they “can help with the problem”) or get them to download ‘necessary’ software. Either way, as soon as the person completes the request, the scammer gets access to all the sensitive information the computer may hold.
The 5 Most Important Things That All Staff Should Know
Avoid emails with suspicious links
Any company, large or small, can be the victim of a phishing attack. So it’s crucial to teach employees about the warning signs of a potential phishing scam:
-It’s a big red flag if the message seems suspicious in any way or implies that it’s very important that this action is taken right now.
-Try to avoid clicking on links sent in emails when possible. Instead, type the URL in manually. If clicking on a link is unavoidable, then make sure it looks legit with no misspellings or errors.
-Emails from colleagues that contain attachments should be treated with equal suspicion. A colleague’s computer could contain malware that will now travel through the attachment. If the email or attachment seems suspicious in any way, don’t open it.
Backing up data should be second nature
Data backups are immensely important nowadays to avoid being the victim of ransomware scams. Companies are the biggest targets for these scammers because they’re usually willing to pay more to get their data back. To not be at the mercy of ransomware scammers, back up all data regularly.
A VPN can help keep the network safe
A virtual private network (VPN) on both desktop and mobile can keep connections private and help protect against potential threats. Most internet actions go through an internet service provider that doesn’t hide the network’s IP address or location. A VPN acts as the middleman between the computer and ISP by encrypting that connection. This provides anonymity. Because it would be hard for hackers to decrypt the connection and also because there are multiple people connected to the VPN server at a time. This prevents hackers from being able to decipher the online actions of one single person.
It’s a good idea for employees and businesses to invest in a VPN to protect their data. It’s also especially important for individuals who handle any company data through their phones. There are many great VPN service providers out there to choose from for both Android and iOS, and some even cater specifically to companies.
Do not write down passwords
This is one of the most common ways that passwords get stolen. Someone leaves their password in the open for everyone to see – including a scammer looking through photos of the recent office party. Or someone pretends to do business with the company but is really looking to find any documents or notes with passwords lying around. So never write them down.
Do not give any outside party access to the computer
If an employee gets a phone call and is told their computer has been hacked, they should hang up. Even if the person on the phone may seem legitimate, it’s best never to follow their instructions. If the company has an internal IT team, then they should be contacted to handle the potential ‘issue’. Otherwise, the manager should be notified so that they get a legitimate IT contractor to see if any action is needed.
People will always need to be vigilant as technology keeps evolving, and scams get even more complicated. Scammers have access to more companies around the world each day as an internet connection becomes essential to do business. Which is why it’s essential to make sure that employees are taught to respect and implement safe cybersecurity practices.