Cybersecurity Awareness Month 2022 – Behavior: Recognizing and Reporting Phishing
Created: Tuesday, October 25, 2022 - 17:50
Categories: Cybersecurity, Security Preparedness
by Jennifer Lyn Walker
Given that some of the most notorious breaches and incidents started with a phish – and will continue to do so – it is imperative that our human firewalls are able to recognize and report phishing attempts when our hardware firewalls and other security controls fail to block them. Likewise, with each data breach more and more information is added to the cybercrime coffer for miscreants to use to launch even more phishing campaigns against individuals and the organizations we work for.
As Cybersecurity Awareness Month 2022 begins to wrap up, the behavior being discussed this week is Recognizing and Reporting Phishing. NIST’s related blog post for this week highlights, in plain terms, some things that might resonate better with our employees on what to be suspicious about (compared to the same ol’ guidance) that may indicate a phish, such as:
- any out-of-character online post by a friend
- a “friend request” from someone you’ve been friends with for years
- an odd reposting of a bizarre news story
- an out-of-character text from a “known” contact
- an unexpected message from your manager asking to “run to the store for gift cards”
Furthermore, provide clear guidance to staff on how to report phishing when they detect it. Whether it’s a report phish button, calling the helpdesk, or emailing the IT staff, empower employees to question and report anything that seems suspicious.
Cybersecurity Awareness Month has been taking some criticism this year from some in the cybersecurity community. But I’d like to remind everyone that Cybersecurity Awareness Month isn’t for the benefit of cybersecurity professionals – it’s for those who don’t live and breathe cyber or technology every day. However, it IS an opportunity for us cyber professionals (who choose to carry the torch) to evangelize the need for everyone to #BeCyberSmart by encouraging our family, friends, and colleagues to adopt the behaviors highlighted this Cybersecurity Awareness Month 2022, including:
- Enabling multi-factor authentication
- Using strong passwords (and a password manager)
- Updating software
- Recognizing and reporting phishing
Finally, don’t forget to check out the rest of WaterISAC’s Cybersecurity Awareness Month 2022 posts for more tips and advice for you to share with your utility all year long!