Keeping your employees educated on identifying malicious behavior and Indicators of Compromise is essential to mitigating cyber threats from the get-go. You don't have to force your employees to become certified IT experts, but you should keep them well versed in what to be on the lookout for. Most people today have at least some understanding of what a cyber threat is. You will often hear terms like virus, hacker, and scam thrown around. A good cybersecurity program should elaborate on what these terms mean and how to identify them.

For example, you could make printouts of guides for identifying various cyber threats and post them around the facility. They could be taped to desks, posted in server rooms, and even uploaded to employee portals.

Phishing Indicators

  1. Emails from individuals with invalid addresses.
  2. Inspection of the email header reveals a suspicious-looking email address different from the one displayed in the email body.
  3. Overly urgent subject lines and email bodies.
  4. Explicit requests for money.
  5. Pretexting involving crimes, unpaid bills, and account compromises.
  6. Links to strange websites with suspicious domains.
  7. Typos and grammatical errors.
  8. Email attachments with strange file extensions.

Malware Infection Indicators

  1. Slow device performance.
  2. High utilization of network bandwidth.
  3. Heavy use of memory, disk, and/or CPU.
  4. Antivirus programs are suddenly disabled.
  5. Missing files.
  6. Task Manager reveals suspicious-looking or unknown processes with high resource utilization.

Account Compromise

  1. Account is locked despite entering the correct password.
  2. Strange account behavior soon after interacting with a strange email or pop-up, or providing your credentials to a third party.
  3. Logs reveal strange login times and login locations.
  4. New devices connected to your account.
  5. Strange messages sent from your account.
  6. Unrecognized purchases through your account.

When educating your employees, make sure to provide them with contact information to escalate incidents to. The Stage 2 documentation on Emergency Hotlines is useful information to post around your facilities.