Internet crime is costing companies millions. In a post on Computer Weekly, senior analyst Warwick Ashford (2019) reported, “Cyber crime cost the global economy £2.3m every minute in 2018.”

Before I continue, I know what you are thinking: My company has an IT department that deals with this stuff, right?

Without going into the technical ins and outs of how a virus or phishing scam can make its way past a clever security system that was configured by competent IT people, know that it can happen, and that you could be responsible for the breach.

How am I compromising my company’s internet security plan? Let’s imagine a few scenarios.

Scenario 1

Imagine taking a USB disk that you found in a drawer a few months ago and plugging it into your PC at work. Now imagine that your antivirus program is not up to date because you failed to report it was not working. In two seemingly harmless moves you have bypassed all the clever, expensive internet security systems your IT has put in place and given any form of malware a chance to get onto your PC and the company’s network. If malware has managed to get onto your PC, usernames, passwords and a whole lot of other information are compromised.

Scenario 2

Imagine opening an email attachment without taking notice of the content or who the email is from. Again, with one simple ‘double-click’ you have opened a door for a malicious program to be installed on your computer. That is, you have compromised your company’s internet security plan.

Scenario 3

Imagine opening an email and not taking too much notice of the header information because, well, it looks pretty legit (and who has time to analyse, right?). Now imagine the email says that your email account has expired and that you need to click on a link immediately to save your account and recover your emails. If you have not been trained to recognise phishing scams and recklessly click on a link without analysing the email to see if it is in fact from your email provider, you are opening a door for a malicious program to be installed on your computer, or for a scammer to steal your information when you type it in on a bogus website. When this happens, your company’s internet security plan is compromised.

Why does my firewall not stop me from getting ‘bad’ emails in the first place?

It’s simple. Anyone can register a domain and set up a website and/or mailbox. If you, for example, set up a domain and website for your catering company, the emails you send are legitimate because, well, you are. Security systems only know that a domain is being used for scamming people when it’s reported.

And by the way, your company’s firewalls (if they are properly configured, but that’s another story altogether) are already blocking thousands if not hundreds of thousands of all kinds of ‘attacks’ a day.

How do I protect myself and my company?

Remember, no internet security plan is 100% effective. However, one can take steps to educate staff on internet security and mitigating a breach.

Your computer programs must be up to date

Always have an updated antivirus program running on your PC and ensure that operating system updates are installed and up to date. Do not bypass the antivirus to open files and download programs.

Be alert

Always look at your email’s header information, especially when the email creates a sense of urgency (you must update or activate or confirm something immediately to avoid some consequence). To do this, look at the description in the “To” field of the email header and then look at the actual email address next to it. If the description is a person or entity you recognise, but the email address is a random unknown person’s email address, ask your IT to investigate before taking any action.

Stop ‘curious clicking’

Be careful when clicking on links in emails! This is worth repeating. Be careful when clicking on links in emails! If you get an email that asks you to click on a link to supposedly verify or update credentials or other information, hover over the link (move your mouse over the link without clicking it) and look at the address that the link will take you to. If the link is a random address that has nothing to do with the sender or the action you are supposed to take, or a misspelled website address, report it to your IT department.

Have a strong password and change it regularly

Make sure your password has at least 8 characters, and that those characters are a mix of lowercase, uppercase, numbers and even symbols (#, @ or !) if you can. The longer and more complicated your password, the stronger it is.

Don’t be fooled

It is unlikely that your work email that is hosted by a competent IT company will “expire” and that you will lose all your emails if you don’t log into your account “to avoid its termination”.

Don’t communicate via email alone

If you think an email looks suspicious (anything from header info that is incorrect or misspelled to bad grammar, or an out of the ordinary or urgent request), don’t use the contact information in the email to contact the company or person back. Call the contact on a number you already know is correct (the number you have in the company’s phone book, for example) and ask the person if they sent you the email.  

Attachments can contain viruses

Be careful of opening attachments in emails (even PDFs). If you get an email that has an attachment with a password to open the attachment appearing in the same email, consider it suspicious.

IT companies even consider certain attachments dangerous and block them (such as .htm or .html).

Be careful when money is involved

Never accept change of bank details in an email. Investigate urgent requests for payment and double-check bank details via phone on a number you already know is correct.

Here is the disclaimer. This information is for information purposes only. Please do not rely on it to avoid being scammed or breached. Cybercrime is ever-changing and ever-growing. Speak to an IT security specialist for assistance and training.

References

Ashford, W. 2019, Internet crime costs global economy £2.3m a minute, Computer Weekly, Date of access 17 September 2019, <https://www.computerweekly.com/news/252467285/Internet-crime-costs-global-economy-23m-a-minute>