Insights: Article

Before You Open That Attachment: Creating a Policy for Avoiding Hackers

By Rich McRae

April 01, 2018

Here’s a reason to address social media through acceptable use policies in the workplace. The following was published at KnowBe4.com by Stu Sjowerman and is shared here with his permission:

Bad guys are doing research on you personally using social media and finding out where and when you (might) travel for business. Next, they craft an email especially for you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed “From” email address that also looks legit.

Sometimes, they even have links in this email that go to a website that looks identical to the real airline, but is fake. They try to do two things: 1) try to steal your company username and password, and 2) try to trick you into opening the attachment which could be a PDF or DOCX. If you click on the link or open the attachment, your workstation will possibly get infected with malware that allows the bad guys to hack into your network.

Remember, if you want to check any airline reservations or flight status, open your browser and type the website name in the address bar or use a bookmark that you yourself set earlier. Do not click on links in emails to go to websites.

Have a Policy Ready
With online web-browsing and social media activities a daily norm, we recommend your policies advise employees and customers on best security practices while using social media and email. For example:

  • Personal social media accounts (Facebook, Google, Twitter) should be locked down with maximum privacy settings applied to prevent open access to personally identifiable information such as birthdates, location, activities, etc.
  • Check with the sender before opening an attachment, even if the email appears to be from another employee or trusted source.
  • Do not send confidential data, such as credit card data, customer names, email addresses, and social security numbers through non-encrypted transfer methods. For example, don’t perform online mobile banking over public Wi-Fi networks.

Contact your Eide Bailly Professional for assistance with cybersecurity and policy development guidance.

Latest Insights

November 16, 2018
Video
If your business sells or operates in more than one state, it’s important to understand the concept of nexus. Depending on how you’re earning revenue, having nexus could impose a variety of taxes, which vary state to state. Learn more in our…
November 15, 2018
Article
Until recently, many businesses weren’t overly concerned about sales tax. They knew they needed to collect and remit in the state in which they resided, but beyond that, their compliance burden was limited.
November 12, 2018
Article
This insight explores what dealerships can expect from the proposed section 199A regulations under tax reform.
November 8, 2018
Article
Are you a business taxpayer with annual gross receipts of $25 Million or less? If so, you may be eligible to take advantage of new Small Taxpayer Safe Harbors that could generate significant tax savings and simplify your tax returns in future years!
November 8, 2018
Article
Considered the most significant tax code overhaul in over three decades, the Tax Cuts and Jobs Act passed in 2017 includes provisions affecting both individuals and businesses.
November 7, 2018
Recorded Webinar
State and local sales tax compliance is always evolving, making it important to stay up-to-date on changes affecting your tax liability and responsibilities. This session will cover what you need to know regarding the recently enacted state and…
November 7, 2018
Article
“Why is my portfolio underperforming the market?” This question may be on your mind.
November 5, 2018
Article
Identify your implementation methodology. There are four practical expedients available. We'll explore each option.
November 5, 2018
Article
Deeper dive into ASU 2016 liquidity.