
Lowering The Cybersecurity Risks Created By Staff

A new Facebook Messenger scam takes advantage of users' interest in seeing videos of themselves posted online.

In this scam, victims receive a Facebook message from a friend asking them "You are in this video?" with a link to the video they are supposedly in. When users click on the link, it directs them, not to a video, but to a fake Facebook login page. The page asks the victim to enter his username and password, which the cybercriminals then steal and use to access the account. The hackers then use the compromised account to send the scam message to more users.

Alternatively, the video link may direct the user to a page with a link to download video software infected with malware. If the user clicks the link, his computer will be infected. Waqas, "Facebook users hit with 'You are in this video?' malware scam" (Jan. 2017).

Commentary and Checklist

Family employers can protect their data and devices by creating an Internet use policy for staff and by routinely training staff on cybersecurity best practices when using family-provided hardware and software.

Staff members with access to family data, including financial information and family personal information like birth dates and images, can put a family at risk without knowing it.

For those staff members who use workplace computers and devices and have access to the family networks or information, you must require regular cybersecurity training. Teach them about the importance of always using strong passwords and secure wireless connections. Discuss how phishing scams work and provide examples of recent scams. Make sure staff know that they should use extreme caution when clicking on any links or attachments.

Consider the following when creating an Internet use policy for your staff:

  • Prohibit staff from using work devices to check their personal email or social media pages. If you do allow social media use at work, require staff to use their personal devices.
  • Train staff to never click on a link or open an email attachment unless they are certain what it is, even if the email or message was sent from someone they know.
  • Prohibit staff from posting your or your family's personal information or images on their social media pages. Also prohibit staff from "checking in" to locations when they are with you or your children, and from posting about upcoming vacations with the family.
  • If staff post on your personal or organizational social media pages as part of their work duties, make sure they clearly understand what information can and cannot be shared. Tell them not to click on links shared over social media.
  • Train staff on signs of a malware infection and to immediately disconnect from the Internet if they suspect an infection, but to leave the device on. That way a computer professional can more easily investigate the issue.
  • Tell staff to notify their manager promptly if they believe their work device or computer was hacked.