Handling Sensitive Information
Sensitive information, including confidential information or information that is for internal use only, should be handled with care. Your organization’s sensitive information may include intellectual property, trade secrets, or security configurations.
It’s important to use caution when handling this information so that you can protect yourself and your organization from cybercriminals. Follow the tips below to help protect sensitive information:
Properly Dispose of Documents
When you no longer need to use a document, make sure that you properly dispose of it. Instead of placing a document in a trash bin, use a shredder to shred the document. If you place a document in a trash bin, cybercriminals can easily search through the bin and find the document. Then, the cybercriminals can easily read and steal any sensitive information on the document.
Clean Your Desk
Look around your desk. How many documents are lying on your desk, available for someone to grab or view? Be sure to clean your desk to protect sensitive information. If you’re not using documents, put them away in locked drawers. Cybercriminals could impersonate maintenance staff and cleaning crews to steal documents off your desk after work hours.
Encrypt Your Digital Documents
Does your organization give you a laptop or other electronic device to use for work? What would happen if that laptop or other device was missing or stolen? All the documents on the device could easily be read, copied, or sold. To prevent cybercriminals from accessing and stealing your documents, consider encrypting sensitive documents. If your documents are encrypted, cybercriminals will be less likely to be able to read them. If you suspect that sensitive documents have been lost or stolen, immediately tell your manager.
If your organization's sensitive information was stolen or lost, your organization could be at risk of paying fines and losing trust. Protect your organization's sensitive information like you would protect your own social security number, credit card information, or healthcare information.
No one is immune to being targeted by phishing attacks. In this week’s scam, cybercriminals targeted candidates in a local election. During any election season, many candidates post information about themselves online or on social media sites. Scammers can use this information to craft targeted attacks on the candidates. In the specific attacks mentioned below, the scammers pretended to be another election candidate. This type of attack is known as Business Email Compromise (BEC).
In one of the attacks, the scammers emailed an election candidate. In the email, they impersonated someone else who was also running for election. The scammers explained that they needed the victim to purchase $500 in Apple gift cards and send them via email. When this didn’t work, the scammers later sent a separate email that appeared to come from DocuSign. This email contained an attachment that directed the victim to a fake login screen that prompted them to enter their user credentials in order to continue. If the victim had fallen for either of these scams, the scammers would have been able to steal both money and login credentials from the victim.
Follow these tips to avoid falling victim to a BEC scam:
- Be wary of any unsolicited emails or calls asking you to buy gift cards or transfer money, even if they appear to be from someone you know. Verify the request through another channel before acting.
- Be extra vigilant during high-profile events like elections when scammers may increase phishing attempts.
Remember, the information that you post online is publicly available for anyone to see. Scammers can use this information to target you with more realistic phishing attacks.
Messaging apps such as WhatsApp, Discord, and WeChat are a great way to keep in touch with friends and family. But not all messaging apps are safe to use on your work device. Unapproved messaging apps may contain vulnerabilities that cybercriminals can exploit. If the cybercriminals are successful, they could gain access to your organization's network and other sensitive information.
Receiving Messages from Cybercriminals
Cybercriminals can use these apps to send you messages that contain malicious links or attachments. The messages may promise free items, inform you about an overdue bill, or prompt you to download an attachment for work. If you click the links or download the attachments, you may unknowingly download malware on your work device!
Third-Party Apps with Hidden Features
Cybercriminals can also create third-party apps to change your messaging app experience, such as making the app pink. While the third-party app may actually make your app pink, it can also grant cybercriminals access to your device. Once cybercriminals gain access, they can view any organization information on your device.
What Can I Do to Stay Safe?
Follow the tips below to protect yourself and your organization from these types of scams:
- It's best to keep work and personal use separate. Only use work devices for tasks required by your job.
- Follow your organization’s policies on downloading apps on work devices. If you’re unsure, learn who to contact for guidance.
- Never share personal or sensitive information through unsecured apps. Be especially cautious if you don’t know the person messaging you.