Have you ever encountered a situation at work that was suspicious?
Perhaps this was a suspicious person, a suspicious email, or even a phone call that didn’t seem right.
Most organizations have a policy regarding how to handle these suspicious ‘events’.
These ‘events’ could potentially put the organization and/or the computer systems of the organization at risk.
Some of the more common events are listed below:
Suspicious persons – Trespassing
When it comes to physical security (securing the building and its assets from unauthorized access), identifying suspicious persons is key.
If you notice someone that you do not recognize, you should ask who they are and what they are doing.
It is possible they are a new employee, or on a short term work contract… or it is possible they are not authorized to be there.
– Attackers will try to enter the building posing as an employee, or a contractor. From inside the building they can gain access to internal computer networks
Suspicious Emails – Phishing
The majority of all recent cyber attacks have been a result of social engineering via an email.
These phishing emails can be designed to be sent to: everyone in the organization, a division within an organization (accounting, sales), or YOU specifically.
– Using social networks like Facebook and LinkedIn, attackers can gather just enough personal information about you to make a very convincing email
Suspicious Phone Calls – Vishing(Voice Phishing)
The oldest trick in the book, and has been in use by hackers, fraudsters, and scam artists for decades.
This involves someone calling you and pretending to be someone they are not: (IT Dept, Insurance Company, Bank, etc).
The attacker will try to build credibility and a good rapport with you before asking for sensitive information such as a password, social security number, or bank account information.
With the latest in technology, attackers can now change the caller-id to show whatever number they would like (adding more credibility).
– You get a call from a number that appears to be the IT department. They claim there is an issue in IT that is too technical to explain, but they require you to give them your password over the phone to fix it.
Always remember to follow your organization’s security policies when it comes to suspicious events. If your organization does not have a specific policy regarding these situations, escalate ANY suspicious events to the IT or Security department.
Security is a team effort. Every employee has a responsibility to the organization to report these events.