November 2023 Volume 5

OPERATIONS & MANAGEMENT

• Always use 2FA. The extra step you take to enter a code or approve a sign-on can make the difference between a successful attack and a failure.
• Be careful with phone calls. Scammers can pretend to be from "tech support" and ask you for a password or to click a link so they can log on to your computer. Know who your IT people are and how to reach them. Never respond to someone who claims to be from IT if you don't recognize the company or the name of the person.

Emails present a huge opportunity for cybercriminals and a huge risk for the rest of us.

If you’re not sure because the email is from someone you recognize, *CALL* and ask them about it. We’ve seen many organizations avoid financial loss by making a quick phone call only to learn that a request to transfer funds was fake. If you clicked and are having second thoughts, call your IT department or IT provider right away and tell them specifically you clicked. Overall, a positive cybersecurity culture is one of learning, not blaming. Foster a supportive environment where employees feel comfortable reporting security concerns and asking questions. Your team should be comfortable reporting a potential risk, including an errant click. The sooner you know, the sooner you can begin to mitigate the problem.

Jim Kerr is President of CRU Solutions, a leading Cleveland-based managed IT services firm he founded in 1982. CRU Solutions has been serving the team at FIA for over 10 years. www.crusolutions.com Email: jim.kerr@crusolutions.com

Cybercriminals now use AI to their advantage. AI-generated text helps attackers produce sophisticated, highly personalized emails and text messages that are more likely to deceive than ever before. This makes identifying phishing attempts even more difficult. Here’s a refresher on how to spot and avoid potentially dangerous emails:

• In general, make the email prove to you that it's legit - no random clicking!
• You don't recognize the sender.
• The sender's email address is random letters and characters or a strange domain.
• The "To" field is blank or a list of names you don't recognize.
• The subject line is unusual or doesn't match the email content.
• The email content includes an ask for something (buy gift cards, transfer funds, call a phone number, verify information, etc.), a short timeline, and possibly a threat of losing your email or other risk.
• There's an attachment.
• If there's a link, hover over it with your mouse. Does it go to a different website than the name?
• Always be careful when clicking on links or opening attachments!

If an email is clearly a phishing attempt, our best advice is to just delete it.
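Several items on this checklist can also be checked by software before a message reaches the inbox. The Python below is an added example, not part of the original article or any CRU Solutions tool: the function name `phishing_flags`, the `ASKS` keyword list, the known-sender set and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ASKS = ("gift card", "transfer funds", "verify your")  # assumed keyword list
# Simplified anchor matcher for this example; a production filter would use an HTML parser.
ANCHOR = re.compile(r'<a\b[^>]*\bhref="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
URLISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

def host(value):
    """Lowercased hostname of a URL or bare domain, without a leading 'www.'."""
    name = urlparse(value if "://" in value else "http://" + value).hostname or ""
    return re.sub(r"^www\.", "", name.lower())

def phishing_flags(raw, known_senders):
    """Return the checklist items that a raw RFC 5322 message trips."""
    msg, flags, body = message_from_string(raw), [], ""
    if parseaddr(msg.get("From", ""))[1].lower() not in known_senders:
        flags.append("unrecognized sender")
    if not msg.get("To", "").strip():
        flags.append("blank To field")
    for part in msg.walk():
        if part.get_filename():
            flags.append("attachment")
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    if any(ask in body.lower() for ask in ASKS):
        flags.append("asks for money or information")
    for href, inner in ANCHOR.findall(body):
        text = re.sub(r"<[^>]+>", "", inner).strip()  # visible link text
        # The "hover" check: compare only when the text itself looks like an address.
        if URLISH.fullmatch(text) and host(text) != host(href):
            flags.append(f"link shows {host(text)} but goes to {host(href)}")
    return flags

# Constructed sample message (not a real email); domains are reserved example names.
SAMPLE = (
    "From: IT Support <x9k2q@mail.example.net>\nTo: \n"
    "Subject: Action required\nContent-Type: text/html\n\n"
    "<p>Verify your mailbox within 24 hours or lose access: "
    '<a href="http://login.example.net/reset">www.example.com</a></p>\n'
)

if __name__ == "__main__":
    for flag in phishing_flags(SAMPLE, {"colleague@example.org"}):
        print("FLAG:", flag)
```

A flag is a reason to slow down and verify, not proof of phishing; a legitimate message with an attachment trips the same check.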

FIA MAGAZINE | NOVEMBER 2023
