No training? No security!

Over the years that I have worked in large companies as a CIO, I have become more aware than ever of the importance of training employees and how this lack of “education” in the use of digital tools could lead to major issues in the area of IT security. Such security issues can range from the infection of a single PC to the compromise of the data store contained in data centers and all data within computers connected to the network.

It is necessary to pay the utmost attention!

Interviews should not only be asked if they can use Excel

What to ask at the job interview as computer skills

Personally, I was in charge of recruiting only IT-related personnel concerning Web application development. Of course, interesting resumes or people with a solid foundation, not overly skilled but with a great desire to learn, were contacted. In other areas, such as administration, marketing, etc., the recruiting of figures and the subsequent cognitive interview was left to the Personnel Selection Department.

Very often, recruiters, unless they have already worked as recruiters within IT companies, are not sufficiently knowledgeable about the requirements a candidate should have regarding the minimum knowledge about the use of the IT tools they will have to work with.

Very often he is asked if he has already used excel and e-mail without elaborating, on the latter, what his knowledge is limited to; because it should be emphasized that knowing how to open an e-mail message and reply, perhaps using other e-mail addresses in copy and hidden copy, is not sufficiently comprehensive for the purpose of defending the data within corporate data centers.

One question that should definitely be asked is, “before opening an attachment, do you verify that the sender’s email address is trustworthy?”

How to recognize messages containing malware?

If the message contains no attachments and no links it is probably just SPAM, i.e., email advertising practices not authorized by the direct recipient of the message. Many e-mail servers recognize these messages and automatically “flag” them as SPAM.

What about messages that contain attachments instead?

Check the sender’s address

Many candidates do not know that it is possible to write anything within the message body, but it is much more problematic to send an email with the same email address as the original sender. So probably if you receive an email from a fake Facebook, the sender’s email address will not be support@facebook.com, but something like support@facebok.com (note a single “o” in the fake address).

Just as a quick aside, it is exactly in this way that Hackers steal users’ Social account login data…. They send an email with HTML body identical to the emails sent by Facebook for example, requesting to log in to their account. The point is that clicking on the link does not end up on Facebook but on a site exactly the same as Facebook but with a different though similar domain name (see the Facebok example), where entering the data and trying to log in will continue to give an error: in reality the data has already been stored by the hacker on the first attempt, continuing to enter other passwords for fear of not remembering them will also be stored. The Hacker will use this data to log into Social and replace your password with one of his own. It would be good to never put the same passwords that you use for Social Networks also for online accounts, PayPal and online payment platforms, because the first step done with these data is to see if the same ones give access to online payment portals… So be careful for online payment systems always use passwords that you would never put for Social Network registration!

Check the body of the message

Very often within the message body of an email containing Malware, there are a number of strange symbols, misspellings, and in some cases even sentences that make no sense. This must make you suspicious. It is very difficult for a person who writes and speaks the same language as you to write that endless sequence of nonsensical sentences.

Extension of the attached file

Although the most polished hackers are able to disguise executables with .doc and .pdf extensions, there are cases where the file extension attached is a zipper containing an executable. Executable files should NEVER be opened under any circumstances.

Use a good antivirus

Finally, if the PC is not already equipped with one, it would be a good idea to request the licensed installation of a good antivirus in order to immediately identify and block the threat before it can create damage to the data shared on the network.

What kind of damage can Malware do?

Malware

There are many types of Malware that can attack a single computer or settle inside data-center servers or transmit to other computers in the network. One very dangerous class of Malware is Ransomware. This class of Malware encrypts data with a 256bit key and an algorithm known only to the Hackers who developed it. A ransom is usually demanded in order to get hold of the decryption key and restore unencrypted reading of the data.

Of course, the damage it can cause on a PC used by a user at home to surf the Internet and watch movies on Netflix is very relative. On the other hand, it can become a total catastrophe if the Virus spreads within a corporate network that contains all documents such as invoices, contracts with other companies, employee contracts, payroll, etc.

How does the entrepreneur prevent these harms?

The only effective method is the use of Antivirus on all computers and good staff training.

If you need counseling and training of your staff in proper PC use in order to decrease the risk of attacks contact us!

[starbox]