Cybersecurity Awareness Month—Own IT: Understand Your Digital Profile
Internet-based applications and devices are present in every aspect of our lives—at home, school, work, and on the go. Constant connection provides opportunities for innovation and modernization, but also presents opportunities for cybercriminals to steal your private information by exploiting you or purchasing stolen information from previous breaches for profit or leverage.
Follow the advice below to protect yourself, your family, and your client’s information.
Own IT at work
Play hard to get with strangers. Cybercriminals use phishing tactics, mostly through email, hoping to fool you into taking an action, such as giving up your logon information or downloading a malicious software like ransomware. A recent study shows that 90 percent of all company data breaches begin with some form of phishing. These phishing emails often come from someone you trust who was a victim of cybercrime. Phishing emails are getting more sophisticated and cybercriminals are betting that you do not know how to spot a fake email or file. Visit Stay Safe Online for phishing prevention tips. Then test yourself using Google’s Phishing Quiz which includes recent examples of real phishing emails that you might see at work or home. It also walks you through how to identify an email as a phish.
If you receive an email at work that you suspect is a phishing attempt, follow your company’s reporting policies, and, if requested, report the phish to your information technology (IT) department immediately. Tetra Tech employees regularly report suspected phishing emails to IT, showing that cybersecurity awareness training works to keep our data secure.
We must all continue to educate ourselves to this evolving threat, so we do not take potentially harmful action on phishing scams. If you are not expecting a link or attachment from a sender, do not respond and do not click on any links or attachments found in that email. Review the email carefully—if anything seems odd, call the sender to verify.
Own IT at home
Phishing is not limited to work accounts. Criminals know that they can profit from phishing personal accounts—often for fraud or identity theft. Criminals will impersonate companies that they know have a large customer base to trick you into opening an attachment or clicking a bad link. A recent report lists Apple as one of the often-impersonated companies in phishing scams in the last year, but they are not alone.
Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people do not realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and your physical belongings—online and in the physical world. Keep national identification numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are at any given time.
Protect your data and devices. Save your files in a place where they are automatically backed up, try to avoid using USB drives, and use cloud backup or sharing services instead.
Set your devices to automatically apply updates and restart them regularly to ensure software and security updates are completely installed.
Read the rest of our Cybersecurity Month series.