Stop, think and check to prevent cyberattacks
There is a major initiative to prevent cyberattacks at public institutions across Quebec.
“If I could only say one thing to colleagues, it would be: ‘don’t click on a link in an email before thinking,’” said François Paradis, Director of Information Systems and Technology at Dzʿ.
Email is #1 entry point
Network Security Analyst Henry Yang says that email is the number-one entry point for cyberattacks. He recommends that employees adopt an approach of “stop, think and check” to prevent falling prey to attacks.
Popular tactics include making an email look like it is from a colleague or creating a sense of urgency, such as suggesting email access will be cut off unless the recipient click on a link to change a password. If you are unsure, you can contact the sender through an alternative form of communication, such as the phone.
Dzʿ has developed a 15-point plan to prevent cyberattacks and one of the priorities is to train employees to be more aware of the tactics used by cyber criminals.
Phishing test at Dzʿ last December
Individuals can play a central role in helping prevent cyberattacks, according to the firm Dzʿ has retained to provide training to employees. In December, the IST team ran a test for all employees to gauge the risk of cyberattacks at Dzʿ. About 17 per cent of Dzʿ employees responded to a fake phishing email. When they did, they were invited to watch a short training video.
Training for all employees this spring
In the coming weeks, all employees will be invited to take a short cyber awareness training through Omnivox. The hope is that after the training, more employees will be aware and less likely to fall prey to cyberattacks.
One of the most popular tactics is called phishing, the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card numbers, or other details by impersonating oneself as a trustworthy entity in a digital communication.
Phishing is widespread because it is easy to do and highly successful. Some of the consequences could include encryption of an individual’s or team’s data with ransomware and stolen credentials, which can be used to access other systems or lure more victims.
Further reading and resources on phishing
For more on phishing, François recommends reading this blog prepared by the ITS team, which includes some tests to determine your risk level: /information-systems-and-technology/articles/phishing/
Henry recommends this article, published last month: One of the surprising facts in the article is that “one-third of Canadians experienced a phishing attack between March and September 2020, according to a .”
This is the second article of a D News series about cyber security.