Marketing leaders need to be aware of and follow their organization's latest information security practices to prevent cybersecurity breaches such as social engineering, phishing, password vulnerabilities, etc., and also need to be aware of and comply with the ever-growing and changing compliance regulations that protect user data and privacy.
Here are some core awareness points that can help streamline your information security training.
What is Information Security?
It’s the practice of protecting information by avoiding the risks that could expose it to attack attempts. For example, identifying a fraudulent email before clicking on anything in it, and reporting it.
Cybersecurity threats from the internet are methods that cybercriminals use to attempt to gain access to your organizational or personal information. They include attack methods such as viruses, ransomware, phishing, Trojans, spyware, and more.
Top 5 ways marketers can mitigate information security threats
Protect your internet access
Be as careful using public wifi as you are using public washrooms. You are sharing an open network, so there is cause for concern. Make sure you are connecting to the correct public wifi, because wifi names could be fraudulent. Be careful visiting personal websites like banks, since anyone could possibly scan the data transferred on that public wifi. Using a VPN will greatly increase your privacy and security while on a shared wifi. The VPN encrypts your data before the public wifi sees it. The site sees the VPN server as the source of your data, so no one knows where you are from.
Safeguard your email from phishing, spam, or attachments
Phishing emails are carefully built to deceive you by posing as a legitimate company, hoping that you click the link. Closely verify the domain the email was sent from. Sometimes fraudulent domains are off by one letter, or use an uppercase I in place of a lower case l. Verify the integrity of the email before clicking on any buttons or links. This is most crucial because as soon as you click that link, it could be game over. It’s also best practice to manually visit the email sender's website.
Email attachments from unknown senders are another red flag. Don’t open attachments, even if they look safe, and don’t bother replying to the email because that will only verify that your email address is active, which can lead to more phishing attacks. Email attachments from people you do know can also be dangerous because their account may have been compromised.
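The domain check described above can be automated. The following is an added example, not part of the original article: it flags sender domains that are one letter away from a trusted domain or that swap look-alike characters. It goes slightly beyond the I/l case by also folding the digits 1 and 0; the trusted list and all sample addresses are constructed for illustration.

```python
# Added example; TRUSTED and every address used with it are constructed.
TRUSTED = {"paypal.com", "linkedin.com", "example-bank.com"}

# Look-alike characters folded onto one form. DNS ignores case, so an
# uppercase "I" standing in for "l" is really the letter "i".
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(domain):
    """Lower-case the domain and fold look-alike characters together."""
    return domain.lower().translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance: single-letter inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address, trusted=TRUSTED):
    """Return (verdict, matched_domain) for a From: address."""
    domain = address.rsplit("@", 1)[-1].strip(" <>").rstrip(".").lower()
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)      # e.g. I/l/1 substitution
        if edit_distance(domain, good) <= 1:
            return ("lookalike", good)      # off by one letter
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ("billing@paypal.com", "service@paypaI.com",
                   "jobs@linkedln.com", "alerts@example-bamk.com",
                   "news@newsletter.example"):
        print(sender, "->", check_sender(sender))
```

A "trusted" verdict only means the domain text matches; the From: address itself can still be forged, so the other checks in this section still apply.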
Spam is an everyday occurrence. It makes up over half of all email traffic. Technology-based spam blockers are recommended, but those are not perfect. There is no perfect solution. At the end of the day, you’ve got to be diligent about not clicking on email links and attachments before you verify their integrity. To help reduce the amount of spam you receive, be careful where you submit your email. Use a separate “burner” email address to prevent your primary email from being sold to and shared with spammers.
There are many different types of malware, but the primary purpose of malware is to get personal, financial, or business information to make money. Cyber criminals are becoming more and more creative with the types of tools and strategies they use to get your personal data. These days, malware attacks come from multiple coordinated attack vectors.
Types of Malware:
- Computer Virus: Piece of malicious code that hides while making copies of itself on your computer, without your consent.
- Worm: Similar to a virus, can quickly spread over the internet independently.
- Trojan: An attack vector that disguises itself as something normal but actually contains malicious code.
- Rootkit: An attack vector that conceals other malware so it stays hidden, making it harder to identify and delete.
- Ransomware: An attack vector that takes your data, encrypts it, then demands you pay to retrieve your data.
- Spyware: Malicious code, such as a keylogger, that collects data from you.
There are 450,000 threats per day
Malware targeting of mobile devices is on the rise. Windows computers are no longer the primary target of malware. Mobile apps will typically ask for far more permissions than they need to function. Be careful with which apps you download, where you download them from, and the security / privacy settings for those apps. It’s best to not download apps outside of the official platform stores and be sure to keep your apps updated.
Be aware of social engineering
Social engineering is the manipulation of people to disclose confidential or private information. It can be done via email, phone, or in person. For example, someone can call the office and ask for the CEO’s phone number. Someone can walk into the office and pretend to be a contractor. They can be wearing a uniform and can physically grab equipment from the office. You’ve got to be very careful with the information you disclose and should try to verify the identity of the people you deal with. In general, there are some social engineering red flags to watch out for:
- Someone asking for your password
- Someone using urgency or pressuring you into action quickly
- Someone that has reached out to you and asks you to verify your account information
Fortify accounts with strong passwords
Oldie, but a goldie. Don’t write down your passwords on notes and leave them around your desk and computer. Don’t use simple passwords. And don’t use personal information in your passwords. When it comes to password complexity, a typical person uses a core password and slightly adjusts it for different websites. Be sure you use completely unique passwords on each website.
Password hygiene is important, and it’s best to come up with some phrase from a movie quote, song, etc., and take the first letter of each word to make your password. If you need to share a password with a family member, use an encrypted messaging service that can also delete messages. Set up Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA).