Best Practices to Minimize Cyber Threats

Email precautions

One of the most prevalent delivery methods for malicious software payloads comes from the use of email. With access to public records, cyber criminals can easily obtain information that can be used to capture demographic information in order to simulate sending a legitimate sounding email from your co-workers, friends, or family. They use social engineering techniques to make these emails appear as though they are legitimate. EICC has upgraded systems to better detect issues with email, and network intrusions but systems alone won’t detect every threat. Security begins with each of us, so below are some guidelines and techniques to limit your risk of becoming a victim of cyber threats.

Don’t open emails from strangers.

  •  Any email that is of a solicitous nature is always suspect. You can mark these emails as junk in your email software to prevent any future issues by funneling them to your spam/junk email folder. Simply opening a suspect email sends a confirmation to the sender that they have an active and live account they can use for further future spamming, phishing, or other nefarious purposes.
  • If the grammar and spelling of an email looks suspect, then assume it’s not from a legitimate source.
  • Any emails that appear as confirmation of an order placement could be suspect, so don’t assume that it legitimate until you verify the sender.

 

Before you open an email in your inbox, hover over the sender information to verify the email address matches and has not been “spoofed” by a fraudulent sender.


If the email addresses from the email header does not match the detailed sender information, then the sender has fraudulently tried to simulate a legitimate sender and likely has malicious content.

Don’t click on any link inside an email until you have verified the sender is legitimate.


Once you verify the email sender is legitimate, then check the link to ensure it appears accurate and you are not directed to a malicious website for a download. If the email sender has a different domain address (e.g. @eicc2.edu vs @eicc.edu), then there is likely malicious intent.

Don’t download any attachment that is an executable object.


If an email attachment has a file name that ends in “.exe” or similar executable program it is highly likely it’s a cyber-threat preparing to install malicious software once you click on it or download it.

Don’t forward suspicious emails to others.


Forwarding emails introduces further risk to the environment since you could infect a recipient’s machine in addition to yours if you have already been compromised. Contact the Helpdesk via phone or send a separate email to investigate the suspicious email you identified, but don’t forward the potentially malicious one until it has been reviewed with Helpdesk personnel.

Software updates (the good kind)

  • Leave your computer on at all times – EICC uses software tools to deploy both operating system updates and patches to software. These updates are scheduled in the evenings to run automatically so leaving your computer on will enable them to run at times that minimize conflicts with your working times and avoids unexpected updates in the morning after powering your computer on.

  • Reboot your computer before leaving every day – This will accelerate scheduled software patches or updates to your computer that may be waiting to install so they can begin sooner. It also ensures any lingering software you may have used or loaded to your computer from a passing website ad is shut down at the end of the day. This will also keep your computer in good operating condition as it frees up unneeded software not currently in use.

 

Change your password regularly.


Regular password changes are required at EICC and you are prompted to do so at the proper interval. This ensures that accounts less frequently used are protected, but remember to change your passwords at home also.

Complete training courses on cyber threats.


Each year, EICC selects courses to familiarize you with the evolving cyber threat landscape and to help provide best practices and tips on how to avoid dangerous and malicious software that can infect your computers. EICC has identified additional courses through SafeColleges that are available to you. The specific courses related to Cyber-Security include the following:

  • Cybersecurity Overview
  • Browser Security Basics
  • Email and Messaging Safely
  • Password Security Basics
  • Protection Against Malware

 

Call the Helpdesk if you have suspicious emails.


If you have doubts about whether an email is legitimate, you have message about software installs, or any other suspicious cyber activities please contact the helpdesk. They will assist with assessing the situation and can help identify and log any activity that is dangerous to you or others. Once again, do not forward emails to others including the helpdesk until a preliminary discussion has occurred.

Personal credit protection


With the increasing threat frequency surrounding identity theft, each person has some steps they can take to better protect themselves against others from stealing your identity. Here are the steps you can take to obtain a free credit report as well as methods that you can implement to lock your credit account to prevent others from opening credit card and other financial accounts in your name.