The month of October 2017 is again the National Cyber Security Awareness Month (NCSAM) for individuals and organizations. This year’s theme is shared responsibility which is something we’ve been talking a lot about when it comes to public cloud support for many years.

This year Trend Micro will be supporting NCSAM with a new blog every week covering a number of different topics authored by our experts.

Oct. 2-6: Simple Steps to Online Safety (Jon Clay)

Oct. 9-13: Cybersecurity in the Workplace is Everyone’s Business (William Malik)

Oct. 16-20: Today’s Predictions for Tomorrow’s Internet (Rik Ferguson)

Oct. 23-27: Consider a Career in Cybersecurity (Mark Nunnikhoven)

Oct. 30-31: Protecting Critical Infrastructure from Cyberthreats (Ed Cabrera)

Each week these experts will be giving you information and insights you can take back to your organization and implement to help minimize your risk of infection or breach.

This week I’d like to discuss with you how you can take some simple steps to ensure the online safety of your organization and employees. Because we’re talking about shared responsibility, I’ll cover steps we at Trend Micro can do to help, but also steps you and your employees can take, as well.

From our Trend Micro™ Smart Protection Network™ data, we know that the majority of threats today are going to start with either an email message (spam & phishing) or from a webpage. In fact, when we analyze the threats detected within our customer base, more than 98 percent of the threats are blocked at the messaging or web layer. As such, the first step you want to take is to review your security solutions at these points within your network. Blocking the source of the threat at your gateway or in the cloud is the best place to detect a threat as there is no endpoint resources used in analyzing and blocking a malicious file there. When reviewing your solutions at these two areas you want to look for some of the more advanced technologies that can detect 0-hour threats that can bypass some of the traditional scanning technologies. Machine learning/AI, sandboxing, behavior monitoring, script analysis and other technologies can help detect threats like spearphishing, business email compromise, drive-by downloads, ransomware, and other threats that come across these infection vectors. Look for solutions that include these newer technologies as you’re reviewing your capabilities. For our part, Trend Micro has been investing in and developing many innovative technologies and adding them into our solutions to protect our customers from these threats.

On your side, we recommend helping your employees understand the threats targeting them and some simple steps they can take to ensure they don’t fall for many of today’s greatest scams.

Many threat actors will send spam or phishing emails during those times of day when they know employees are going through a lot of email and hope they don’t pay attention. NCSAM recommends Stop and Think before opening that attachment or clicking on that link. On a PC, mouse over any links to ensure the URL is the same as the link shown, as many times cybercriminals will replace the link shown with a malicious link underneath.

Review the domains closely as many times malicious domains will be used that look similar to the legitimate domain. Instead of trendmicro.com they will register trendnnicro.com

Don’t click on any ads displayed on webpages as these could be malvertisements.

Instead of clicking on the link within an email message, type in the organization’s website directly into a browser.

If something looks suspicious, contact someone within the organization to check. This also is a good time to ensure all employees know who to contact when they see something suspicious.

All employees in finance and HR should understand how Business Email Compromise works and use a secondary method to verify requests for money transfers or employee record requests.

These are just a few things we at Trend Micro can do to help your organization and what you can do to improve the security of your network and employees. Keep tuning in to our blog each week this month to get more tips and insights into other areas of your business, as we all share the responsibility into making the world safe for exchanging digital information.