Please make note of this important warning from DHS:
In the wake of the recent New Zealand mosque shooting, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.
To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures:
- Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to CISA’s Tip on Using Caution with Email Attachments.
- Review CISA’s Tip on Staying Safe on Social Networking Sites.
- Refer to CISA’s Tip on Avoiding Social Engineering and Phishing Attacks.
- Review the information from the Federal Trade Commission on Before Giving to a Charity.
Every company is a potential target and should use a phishing simulation tool which tests employees by sending safe phishing emails. When employees click, they are then presented with educational material which helps them learn what to avoid.
The good news is that workers who click can be quickly trained on what to avoid in the future.
Here are other areas all organizations looking to promote a cybersecurity culture need to focus on:
- Cybersecurity training must be done regularly.
- Auditing and documentation must be performed regularly to ensure systems are secure.
- Anomaly detection should be running constantly to detect threats as they emerge.
- Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two companies’ reputations from being destroyed.
- Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
- An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched its response in what is being called a PR catastrophe.