Employee education is one of the strongest tools in our arsenal to fight cybercrime. NACHA, the Electronic Payments Association, suggests that one simple question can make the difference between an infected network and a protected one. Teaching our employees to always ask, “Does this email make sense?” before responding to it, opening an attachment, or clicking on a link, can make all the difference.
Regularly remind your staff that financial institutions, government agencies, and associations will not request personal identification numbers (PINs), user names, passwords, or account verification via email. Should they receive such a request, it is best to delete the email rather than risk infecting your network.
Emails from family and friends may also include links to sites that may infiltrate the network. Asking, “Does this email make sense?” includes considering whether or not it makes business sense to open an attachment or follow a link to an unknown site.
When in doubt, NACHA suggests:
- Using a lookup service such as “whois.net” to view domain registration information of an email sender.
- Contacting the sender to determine legitimacy, but never using the phone number included in the email.
- Deleting the email.
How have you been educating your staff about the perils of cybercrime?