IT Security Professionals Beware: April Fool’s Day 2015!

Many people trace the origins of April Fools’ Day back to 1582 when Pope Gregory XIII adopted the Gregorian Calendar, effectively moving New Year’s Day from the end of March to 1 January.

Though the change was widely publicized, some people didn’t get the memo, while others simply didn’t want to transition to the new calendar, so they continued to ring in the New Year at the end of March. Those who didn’t make the change were mocked for their folly and called “April Fools”.

Why is IT security diligence needed on April Fools’ Day? Mostly because of pranks, but the excitement of the day may also bring an increase in unethical hacking activity.

Thus, here are some pointers to keep in mind today (April 1st) and the coming days:

– Lock your PC, smartphone, tablet and other devices when you’re away from them. There have been many computer pranks on this annual celebration of mayhem. There is a whole slew of tricks you can pull on people. But what if you are in accounting and have a spreadsheet of salaries open on your computer? Or what if you control PII or sensitive data that is easily accessible?

– Even lacklustre pranks carry risk, such as quickly installing software that pretends to remove all of the software from your machine, makes your Windows Start button avoid your mouse, or shows a fake blue screen of death. These small downloads could contain malware, spyware, and viruses.

– We all should remember not to believe everything we see in emails, even if it appears to come from a trusted source. You never know when an email might be trying to trick you into giving away your passwords or downloading malware.

– Networks are segmented for good reasons. Each person is privy to the knowledge that they need to have. Before getting up from your desk consider the entire picture; do you leave confidential information on your desk? Is your computer completely secure? Time, effort and reputation can be saved by keeping these simple points in mind.

Here are just three suggestions for how to avoid having your computer infected. These are simple and easy to implement:

1. Be careful what you click!

Not all phishing emails are as obvious as this one, and some can look very professional and convincing. To protect against phishing attacks, it’s good practice never to click on links in email messages. You should enter the web address of your important websites directly in the address bar of your browser. Even better, use a bookmark or Favorite to save the link for your bank, email, and other important websites. Also, consider turning off HTML in your email to prevent malicious images from loading.

2. Check the address bar for the correct URL

The address bar in your web browser uses a URL to find the web site you are looking for. The web address usually starts with either HTTP or HTTPS, followed by the domain name. The real websites of banks and many others use a secure connection that encrypts web traffic, called SSL or HTTPS. If you are expecting a secure HTTPS website for your bank, for example, make sure you see a URL beginning with https:// before entering your private information.

3. Look for the padlock for secure HTTPS websites

A secure HTTPS website has a padlock icon to the left of the web address.

Back to point #1, a person can create a near-identical domain name and easily copy the entire content from the legitimate website to fool a person into thinking they are on the real thing. Even the fake website may have the padlock icon. Diligence is needed. Think before you click!
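To make the last point concrete, here is an added example (not part of the original post) that compares a URL's host against a list of bookmarked domains and flags near-identical names regardless of https:// or the padlock. The domains, the substitution table and the distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for a user's bookmarks (hypothetical domains).
TRUSTED = ("onlinebank.example", "mail.example.org")

# Common visual substitutions, folded back to the character they imitate.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": ""})


def skeleton(host):
    """Collapse common look-alike tricks so 'on1ine-bank' == 'onlinebank'."""
    return host.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'insecure', 'lookalike' or 'unknown' for a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    host = host[4:] if host.startswith("www.") else host
    # Exact match (or a subdomain) of a bookmarked site: only the scheme matters.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted" if parts.scheme == "https" else "insecure"
    # Otherwise look for near-misses. The scheme is deliberately ignored here:
    # a copied site can serve https:// and show the padlock too.
    # The userinfo part is checked as well, since 'https://bank@other/' shows
    # the bank's name first but connects to 'other'.
    for shown in (host, (parts.username or "").lower()):
        for d in trusted:
            if shown.startswith(d + "."):  # trusted name used as a prefix
                return "lookalike"
            if shown and edit_distance(skeleton(shown), skeleton(d)) <= max_distance:
                return "lookalike"
    return "unknown"
```

A threshold of 2 catches single swaps and typos but can misfire on very short domain names, so treat a "lookalike" verdict as a prompt to check the address bar rather than as proof.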

For more security tips check out: http://blogs.sophos.com/2014/03/31/what-is-phishing-anatomy-of-a-phishing-attack-plus-five-security-tips-video/.

Jock
