Insights: Article

Before You Open That Attachment: Creating a Policy for Avoiding Hackers

By   Rich McRae

April 01, 2018

Here’s a reason to address social media through acceptable use policies in the workplace. The following was published at KnowBe4.com by Stu Sjowerman and is shared here with his permission:

Bad guys are doing research on you personally using social media and finding out where and when you (might) travel for business. Next, they craft an email especially for you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed “From” email address that also looks legit.

Sometimes, they even have links in this email that go to a website that looks identical to the real airline, but is fake. They try to do two things: 1) try to steal your company username and password, and 2) try to trick you into opening the attachment which could be a PDF or DOCX. If you click on the link or open the attachment, your workstation will possibly get infected with malware that allows the bad guys to hack into your network.

Remember, if you want to check any airline reservations or flight status, open your browser and type the website name in the address bar or use a bookmark that you yourself set earlier. Do not click on links in emails to go to websites.

Have a Policy Ready
With online web-browsing and social media activities a daily norm, we recommend your policies advise employees and customers on best security practices while using social media and email. For example:

  • Personal social media accounts (Facebook, Google, Twitter) should be locked down with maximum privacy settings applied to prevent open access to personally identifiable information such as birthdates, location, activities, etc.
  • Check with the sender before opening an attachment, even if the email appears to be from another employee or trusted source.
  • Do not send confidential data, such as credit card data, customer names, email addresses, and social security numbers through non-encrypted transfer methods. For example, don’t perform online mobile banking over public Wi-Fi networks.

Contact your Eide Bailly Professional for assistance with cybersecurity and policy development guidance.

Latest Insights

July 13, 2018
Article
Here are some idea for giving your new hire a smooth start into your business and alleviating stress for you.
July 13, 2018
Article
The impact of the recent SCOTUS Wayfair decision will continue to have a ripple effect on businesses and state sales tax compliance.
July 9, 2018
Article
The revenue cycle is a complex system and we have historically given much attention to the front-end and back-end while oftentimes leaving the middle functions of the cycle neglected.
July 3, 2018
Article
FASB Accounting Standards Codification Topic 606, Revenue from Contracts with Customers, provides a 5-step framework for determining revenue recognition.
July 2, 2018
Article
As part of the Tax Reform Act of 1986, the “Kiddie tax,” a taxing regime designed to make the transfer of income items by wealthy parents to lower tax paying children less attractive, was implemented.
July 2, 2018
Article
When it comes to your employees, you likely conducted interviews on them when you first hired them.
July 2, 2018
Article
Nearly ten years after the release of the initial exposure draft, FASB issued ASU 2016-02, Leases - The standard may have been issued, but the conversation about this re-write of legacy guidance has not slowed.
June 29, 2018
Article
Banks look at three broad categories when considering small business financing: business cash flow, personal financial strength, and collateral value.
June 28, 2018
Article
You need to be cautious when entering into a bartering relationship and remember to track everything and the key to accounting for bartering is making sure you still record the income earned and expenses incurred.