Wed, August 23, 2017

Compliance Training Blog

Security is everyone's responsibility

It is your responsibility to maintain security awareness

Common Scams to Beware of

  • Your IT staff will never ask for your passwords in an email.
  • Your HR department will not ask for Personally Identifiable Information like your social security number or birth date in an email. 
  • You will never receive a legitimate fax or document or image from a generic email (e.g. [email protected]).
  • Your Bank/Credit Card/Social Media/etc. will never contact you asking for account information to verify that you own an account.
  • Never transmit personal information via email.

If you receive an email asking for information, be sure the email was intended for you and that the sender is verified. Do not respond to the email to verify this - call or contact the person directly.  

There have been many instances of employees receiving emails posing as their own organization. If you see an email from your company or from another organization that seems out of place, be sure you verify directly with the listed sender that the call to action is legitimate.  

These emails tend to look like they come from a trusted source and say, “I need to verify some information in this form with you.” So be careful any time you receive an email requesting personal information and do not click any links. Similar phishing tactics are tied to an urgent call to action requesting personal information and involve warnings around some dire reason you should respond (e.g. “We need to verify your [bank] account number to make sure you are the valid owner or we will close your account.”).

NOTE: Most of these scams also appear in the form of sophisticated phone calls (“This is your helpdesk following up on that issue you had... I’d be happy to help you, what’s your user name? What’s your password?...”). In this attack, commonly known as pretexting, the attacker has done prior research and seems to know you and what you are looking for. Don’t fall for the trap.


Don’t become another statistic on this year’s overwhelming number of security breaches

Security is everyone’s responsibility, and you can help

Password and email security

  • You are responsible for frequently changing your password and consistently logging out of your account when you are done with your session. This best practice is required to be sure you are doing what you can to prevent a security breach. You don’t want an attacker using your account to send out malicious data in your name.
  • Don’t use the same password for multiple accounts. We can’t say this enough. Each online account needs to have a different password associated with it.
  • Don’t store your passwords in your email accounts and other insecure locations.
  • Your private emails are not really private. Anything you write via email has the potential to be printed, forwarded and replied to by the recipient(s). Even if you trust the recipient(s), keep in mind it is not secure to disclose sensitive confidential data through email.
  • Never click on links in an email.  A best practice is to always visit the link directly in your browser.  This will help you avoid a large number of attacks.
  • Be wary of attachments. Only download attachments if you are expecting them and 100% sure who is sending them; even then, verify with the sender that it was intended for you.

Security Awareness Training is vital to ensure your staff is aware of security threats and safety precautions.


Beware of “lost” USB flash drives and other portable media

Baiting: a popular form of social engineering to beware of

It is important to stay up-to-date on the recent cyber scams and tactics hackers are using to access accounts and personal information. One important form of social engineering to beware of is baiting. In baiting, the attacker uses physical media and relies on the curiosity or greed of the victim. The attacker leaves a malware-infected disc, USB flash drive or other portable media in a strategic location frequented by many (bathroom, elevator, sidewalk, parking lot, etc.), gives it a legitimate appearance and intriguing label, and waits for the victim to use the device.

All it takes is a little curiosity or a nice gesture to find the media’s owner and you have malware. This attack makes even the smartest individuals vulnerable because we are all familiar with the feeling of losing and re-acquiring something valuable due to the good nature of a random individual. What a relief it was to have found that USB containing all your work on it, and while your media didn’t infect its finder, it doesn’t mean the media you find won’t infect you. Do not under any circumstance insert unknown media into any of your devices.

What should you do if you find the bait?

  • If you find an unaccompanied media device, immediately bring it to your company’s security department. Do not insert the media into any of your personal or professional devices.
  • As a best practice, scan all external media, even known devices, for viruses before use.