Learn to recognise attacks
Since cybercriminals usually exploit users’ lack of awareness, it is very important to teach employees how to recognise attacks and how to respond to them.
A system is only as secure as its weakest link. Unfortunately, the weakest link is often the users themselves. Cybercriminals therefore often try to reach the system through its users: by sending them emails that carry viruses, or phishing emails that try to steal passwords, bank details or money. There are also websites on the Internet that try to trick users out of data and money, or that contain viruses. Employees must therefore be taught how to recognise these attacks and how to respond to them. Informing and educating employees is one of the most important steps in protecting the company.
Recommended actions
In recent years, cybercriminals have become considerably more sophisticated, and it is increasingly difficult to tell whether an email you have received or a website you are visiting is fraudulent.
Employees should be made aware of the most common attacks, how to recognise them, and how to respond to them. Your IT staff or service provider can help you provide this information and guidance.
If an email you receive looks suspicious, it is always worth contacting your IT department or service provider and asking them to inspect it. Even if the email turns out to be genuine, it is better to be safe than sorry.
Employees should be trained to recognise fraudulent and phishing emails and dangerous websites using the following checks.
- Check the sender’s email address. Although it often appears genuine, the sender’s address is usually slightly altered: for example, instead of ‘@eesti.ee’, the sender might use something like ‘@eetsi.ee’. Sometimes, even when the address appears genuine, replying to the email reveals that the reply goes to someone other than the apparent sender.
- In the case of websites, check their address. As with email addresses, the website address may have been altered, for example by ending in ‘.ea’ instead of ‘.ee’, or by replacing letters with numbers, for example ‘eest1.ee’ instead of ‘eesti.ee’.
- Any emails and websites promising money, travel, free items of value, etc. are very likely to be scams.
- If the email appears to come from the company’s board or accountant, check that the writing style is the usual one, especially if it requests a transfer of funds. Fraudulent emails are usually suspiciously short and threatening in tone (‘Pay now, it must be paid within 24 hours!’, etc.).
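The address checks in the list above can be automated for a first-pass triage of incoming mail. The script below is an added example, not part of the RIA guidance: it compares sender, reply-to and link domains against a small trusted-domain list and flags the three look-alike patterns named above (a changed top-level domain, digits standing in for letters, and a near-miss spelling), generalising the spelling case to any one- or two-character edit. The trusted domains, the digit-for-letter table and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list for the example; a real deployment would load this
# from configuration. A tuple keeps the check order deterministic.
TRUSTED_DOMAINS = ("eesti.ee", "ria.ee")

# Digits that commonly stand in for letters in look-alike names (assumed table).
DIGIT_FOR_LETTER = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s", "7": "t"})

ADDR_RE = re.compile(r"[\w.+-]+@([\w.-]+)")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain):
    """Reduce 'mail.eesti.ee' to ('eesti', 'ee'). Naive: ignores multi-label TLDs."""
    labels = domain.lower().strip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def check_domain(domain):
    """Classify a domain as 'trusted', 'suspicious' or 'unknown', with a reason."""
    name, tld = registrable(domain)
    if f"{name}.{tld}" in TRUSTED_DOMAINS:
        return "trusted", "matches a trusted domain"
    for trusted in TRUSTED_DOMAINS:
        t_name, t_tld = registrable(trusted)
        # Same name, different ending: 'eesti.ea' instead of 'eesti.ee'.
        if name == t_name and tld != t_tld:
            return "suspicious", f"top-level domain differs from {trusted}"
        # Digits replacing letters: 'eest1.ee' instead of 'eesti.ee'.
        if name != t_name and name.translate(DIGIT_FOR_LETTER) == t_name and tld == t_tld:
            return "suspicious", f"digits replace letters in {trusted}"
        # Near-miss spelling: 'eetsi.ee' instead of 'eesti.ee'. The relative bound
        # stops very short names from matching almost anything.
        dist = levenshtein(name, t_name)
        if 0 < dist <= 2 and dist < len(t_name) / 2 and tld == t_tld:
            return "suspicious", f"near-miss spelling of {trusted}"
    return "unknown", "not a trusted domain"


def check_message(from_addr, reply_to, body):
    """Return a list of (what, value, reason) findings for one message."""
    findings = []
    m = ADDR_RE.search(from_addr)
    from_dom = m.group(1) if m else ""
    verdict, reason = check_domain(from_dom)
    if verdict == "suspicious":
        findings.append(("sender", from_dom, reason))
    # A genuine-looking From address with replies routed elsewhere is the case
    # the guidance describes as 'the recipient is someone other than the sender'.
    if reply_to:
        m = ADDR_RE.search(reply_to)
        reply_dom = m.group(1) if m else ""
        if registrable(reply_dom) != registrable(from_dom):
            findings.append(("reply-to", reply_dom, f"replies go to a different domain than {from_dom}"))
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        verdict, reason = check_domain(host)
        if verdict == "suspicious":
            findings.append(("link", host, reason))
    return findings


# Constructed sample message showing all three patterns plus a reply-to mismatch.
SAMPLE_FROM = "Raamatupidamine <arved@eetsi.ee>"
SAMPLE_REPLY_TO = "arved@eesti-arved.example"
SAMPLE_BODY = ("Pay now, it must be paid within 24 hours! "
               "https://eest1.ee/login and https://www.eesti.ea/portal")

if __name__ == "__main__":
    for what, value, reason in check_message(SAMPLE_FROM, SAMPLE_REPLY_TO, SAMPLE_BODY):
        print(f"{what:9} {value:25} {reason}")
```

The script only flags; it does not decide. Anything it marks suspicious is exactly what the guidance says to forward to the IT department or service provider for inspection, and a domain it reports as ‘unknown’ still deserves the manual checks above.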
Alongside improving the company’s overall level of cybersecurity, cybersecurity awareness training should be organised for employees. The training must cover security issues in general: behaviour on social media, use of public cloud services, secure use of Wi-Fi, etc.
A training plan could include:
- learning about the company’s IT security rules, security requirements, and risks;
- an analysis of the risks of various devices and services (portable devices, social media, public cloud services, etc.);
- behaviour in the event of security incidents (who to notify, what to do, etc.);
- recognising possible threats and the most common attacks, assessing the consequences of such attacks;
- an analysis of recent security incidents that have become public, with a description of the causes and possible prevention methods.
One way to train employees is to take part in the cyber test offered by RIA. This is an e-learning platform designed to raise and maintain the cybersecurity awareness of an organisation’s or company’s employees. We update the content of the cyber test every year. You can find more information about the cyber test on the website of RIA.
To check whether the general guidance and training of employees is producing results, their knowledge needs to be tested regularly. Regular checks also help them remember what they have learned and keep it fresh in their minds. Knowledge can be tested, for example, by means of surveys offered by various companies providing cybersecurity services or training; they are also best placed to keep these tests up to date. In this way, the company also learns whether employees need to be retrained on some topics.
It is also a good idea to organise small drills to check employees’ behaviour, for example by sending them a simulated phishing email. The results of these drills will show what else you need to tell your users and whether additional training is required. Inform people about the results of the incident analysis and involve them in developing the rules. This way, they are motivated to follow the rules themselves.