All Hands Newsletter

Work Smart

IT – Data Security

"Phishing" scams are a very popular tactic hackers use to trick users into thinking they received an email or text from a reputable company. Scammers use logos, fake but realistic-looking email addresses, contacts in your mailbox, and more to trick you into clicking malicious links which compromise our security. Falling for a phishing scam could lead to widespread damage to DISA, including data loss, lawsuits, and a loss of brand reputation.


For every one of these high-profile cases that make the national news, hundreds of other attacks on other smaller companies/entities do not. Companies of all sizes and across all industries are subject to these attacks. 

The attack on these companies, public institutions, and government agencies is a reminder that DISA is also a target. Each month, DISA receives thousands of suspicious emails. This increasing threat is why we must all be diligent and avoid clicking on links in suspicious emails. Double-check emails that you were not expecting, and be more suspicious of messages from contacts you do not know.


To help you combat the increasing number of phishing incidents, we wanted to send out some tips to help raise awareness and keep you (and DISA) secure.

 

Tips to spot a scam:

  • Unsolicited messages sent to you
  • Misspelled words or poor grammar
  • A link that leads to an unfamiliar site (hint: hover over the link without clicking to view the destination)
  • Strange requests such as "send payment," "open the attached document," or "click the link"
  • No contact information was provided, or there was an attempt to spoof someone else

 

How to avoid these attacks:

  • Above all else: Don't click a link or open a document without first verifying it
  • Carefully inspect the message before responding, clicking a link, or opening an attachment
  • Be skeptical. When in doubt, send an email to ITEMAILCheck@DISA.com to have the message investigated.
  • Be careful about the info you share on social media. Oversharing can be used to target you.

Best Practices

It is important to remember that we must remain vigilant in our workplace security. That applies not just in the office, but also on the road and at home. DISA client information must always be protected regardless of the circumstances.

Please be aware that there may be many online scams and phishing attempts.


Security Best Practices During This Situation:

As always:

  • Be aware of phishing scams/fake websites/suspicious phone calls
  • Never share your password with anyone!


If working remotely:

  • Do not use a public WiFi network for work-related connectivity
  • Utilize a DISA-managed VPN system when working from home if necessary
  • Employees should not print PII at home. Even in the office, we should all be working towards our paperless initiative and only print what is absolutely essential
  • Only store data on a DISA-managed device, such as a company-provided laptop. Ideally, data is not stored on any device, DISA-managed or otherwise