Even before work from home became popular, businesses had to adapt to changing security demands. One major driving force of this change is the innovative strategies attackers have developed to extract data from unsuspecting workers.
With malicious actors determined to capitalize on today’s remote work landscape, what steps can you take to keep your day-to-day data sharing secure?
The following are five easy tips to set you on a safer path.
- Understand social engineering
Social Engineering is a form of manipulation where an attacker targets and coaxes sensitive information from a target. This method plays a huge role in many cybersecurity attacks. Understanding social engineering helps workers recognize when its being used on them.
The term social engineering seems abstract to many. It sounds like a term that belongs in a college student’s class presentation, not on the radar of your employees. You could be forgiven for not understanding how precise and effective a social engineering attack can be.
The most common form of social engineering is phishing. This is where an attacker will pose as a legitimate entity to get a target to divulge information or inadvertently install malware.
There is no single form a social engineering attack might take. Some attackers may pose as professional peers, while others may take the form of a help desk worker. Because there are so many angles of attack, employees must always be aware of their network security when offering sensitive information.
Understanding that social engineering attacks come in many forms will help keep you vigilant when sharing information.
- Scrutinize email addresses
This is a simple yet effective tip. When you are sent a link, request for information or a file to download, take a close look at the email address. If you do not recognize the domain, or if you see a slight discrepancy in the spelling, do not follow the link. Follow your company’s process for reporting phishing scams if the email fails this “sniff test”.
Consult with your IT department if you are unsure about whether an email is authentic.
- Verify before sharing data
If you receive a particularly odd request for information, you may want to confirm if it is legitimate.
Safe sharing practices can get muddy in fast-paced environments. If your team is on a deadline, ensuring shared documents are safely within your work bubble may take a back seat to getting the information where it needs to be. Receiving requests from superiors can add pressure for you to provide.
In this environment, a well-placed phishing request for sensitive information can allow an attacker access to your company’s sensitive data.
If you receive an unusual request for information, check with your supervisor to see if you are clear to fulfill it. If you are authorized to share the information, you may also want to call the recipient to verify that it was them who sent the request and not a malicious actor who gained access to their account. The upfront inconvenience is minor when compared to the impact of a data breach.
- Establish/confirm data sharing practices
With the variety of devices and software platforms capable of sharing data, it is easy for you to lose control of your data. Unlike hardcopy resources, digital information can be duplicated and spread instantly. If you have emailed someone a message containing sensitive information, you have lost control over what happens to it going forward.
If you are expecting to do collaborative work remotely, check with your company about their data sharing best practices and accepted work platforms. Have a meeting with your team and hammer out how you will be sharing information and confirming that everybody is on the same page about protecting sensitive information.
- Keep your documents off the web
Do you need to convert a document, but do not have the software? It may be tempting to find a web-based solution. Keep in mind that these types of websites require you to upload the required document. From here, you will just have to trust that this website will handle your data responsibly. This is too big a risk for the convenience.
As we discussed in our previous installment, you should only be using software that is approved by your company. If you are lacking the tools you need, consult your supervisor and IT department (if necessary).
Do not trade security for convenience.