Leon McBride, Lakewood MUA
Gregory JnoBaptiste, Two Rivers Water Reclamation Authority
To provide a forum for staff of AEA member organizations to discuss a broad range of IT issues; educate committee members; and identify IT-related education and training needs for AEA.
Meets / Schedule
In person and via conference call on alternating months.
A new strain of payroll phish has surfaced, involving phishing emails requesting copies of pay stubs and wage statements. These emails seem designed to fly under the radar and not attract attention. They are simple and direct, and attempt to construct believable backstories. In short, they’re inviting unthinking, knee-jerk responses from targeted users. See some examples below.
Some employees respond by pointing out the would-be fraud artist, while other employees may helpfully request a voided check so that they can make the requested changes immediately without any further effort on the part of the bad guys.
Here’s the thing: no anti-virus is going to stop the above examples from happening. Only users like yourself who have gone through the security awareness training will ensure that the money stays where it’s supposed to.
Please think before you click, and look for any red flags related to phishing scams.
If you see something suspicious, highlight the email and click your Phish Alert Button (PAB) to alert the IT cybersecurity team.
Information Technology Coordinator, Lakewood Municipal Utilities Authority
Training Employees to Think Before They Click
The IT Committee continues to keep a spotlight on cybersecurity as part of our mission to provide information technology tools that advance knowledge and help identify and manage risks in the drinking water and wastewater industry.
The Spotlight this quarter will focus on the four best ways to train employees for better cybersecurity. According to a Barracuda report, between 80 and 90 percent of companies have experienced an email-based threat in the past year, while 35 percent have been hit by a ransomware attack.
According to a survey of IT security pros, below are four ways to train employees on cybersecurity risks:
- Customized examples that are relevant to an employee's department and role
- Unscheduled simulations of typical attacks
- Training modules that employees can complete at their convenience
- Rewards for those who take the right actions
Whatever training you decide to implement, a multi-layered approach to cybersecurity is critical for protecting your organization and its employees, applications and data. The following are a few good resources to help you get started:
- KnowBe4 Human error. Conquered https://www.knowbe4.com/
- MediaPRO Cybersecurity & Privacy Education https://www.mediapro.com/
- Cofense Triage: PhishMe https://cofense.com/
Remember that your employees are your assets, and we need to invest in them constantly. “If you don’t get your people patched continually, you’ll always have vulnerabilities.” (Source) It’s worth training them as opposed to taking on the risk of a breach.
And finally, Think Before You Click!
About the writer: Leon McBride is the IT coordinator at the Lakewood Township MUA. He has been a member of the AEA IT committee since its inception and now serves as chair.