When it comes to cybersecurity, the biggest vulnerability that any business faces is the human element. More often than not, hackers gain entry to an organization’s server through an unsuspecting – and very human – employee. This is why even the most cutting-edge security programs can’t protect you if your employees are not properly trained about phishing attempts. Phishing is a method hackers use to gather sensitive information, generally through email scams.
Consider everyone in your company to be part of your IT department. They all play a role in keeping your business safe and secure. The SLAM method is a fast and effective way to get your employees educated and on the lookout when a new email rolls in. SLAM stands for Sender, Link, Attachment, and Message and it’s a helpful way to remember the basics.
Treat everyone in your company as part of your IT department, as they can all be targets of bad actors.
SLAM – S is Sender
When you get an email, the first thing you should do is look at the email address of the sender. Instead of glancing at the sender's name and moving on to the email, look closely at the email address in question. Hackers deliberately mimic known contacts so that you won’t think twice about opening the email and any attachments. However, if you take the time to reread the address, you might be able to spot a slight misspelling or something of that nature. After all, hackers can’t create an email address that’s already in use. What they’ll do is throw in an extra character and hope you don’t notice. Always double-check the domain, too. Companies will use their own name in the domain address. A professional company sending an email from a Gmail or Yahoo account would be a serious red flag. (Compliancy Group)
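For teams that want to back up the Sender check with a mail-filter rule, here is an added example (not from the original article) that flags a From: address whose domain is one or two characters away from a trusted one, or that comes from a free webmail provider. The domain lists, the function names and the two-character threshold are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed sample data: domains this hypothetical company trusts, and
# free webmail providers a business contact should not be writing from.
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> str:
    """Classify a From: header as 'trusted', 'lookalike', 'freemail' or 'unknown'."""
    _display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if not domain:
        return "unknown"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # One or two characters away from a trusted domain: the "extra character" trick.
    if any(edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        return "lookalike"
    if domain in FREEMAIL_DOMAINS:
        return "freemail"
    return "unknown"


if __name__ == "__main__":
    # Constructed From: headers, one per outcome.
    for header in ('"Example Bank" <alerts@examplebannk.com>',
                   "Example Bank Billing <billing@gmail.com>",
                   "partner@example.com"):
        print(f"{check_sender(header):10} {header}")
```

A "lookalike" or "freemail" result is a reason to verify with the contact by phone, not proof of phishing; a legitimate domain can happen to sit close to a trusted one.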
SLAM – L is Links
Don’t click on any links, period, unless you’re absolutely sure that the email is legitimate. Everyone knows to be careful around suspicious attachments, which is why a lot of hackers have switched to using links, instead. Since the links themselves are harmless, they’re generally not flagged by security software. However, the page that the link sends you to can be packed full of malware, which could infect your computer and, subsequently, your network. The easiest way to check for a malicious link is to hover your cursor over the link in question – don’t click it – and check the URL that pops up. It’s often easy to spot a scam. If you get an email saying that an account of yours has been compromised – Amazon, eBay, etc. – don’t click the link, but instead open a fresh browser window and head to the actual site. (G5Tech)
SLAM – A is Attachments
We mentioned attachments in the section above. Opening an attachment from an unknown sender is incredibly dangerous. In fact, we recommend you don’t even open attachments from senders that you do know until you verify that they’re the ones who actually sent it. It is possible for scammers to get access to someone’s email address and then use that address to phish everyone in their contacts list. Give your contact a phone call and confirm that the attachment is actually from them. (eTactics)
SLAM – M is Message
In addition to verifying the sender’s email address, links, and attachments, you should also read the text of the email itself before clicking anything. It’s not hard to spot phishing rhetoric, especially from a contact whom you’ve communicated with before. You’ll notice the phony, overly professional tone, sometimes with cliches like “kind regards” included. Most people don’t actually speak like this, so the odd language should stick out like a sore thumb. If you’re still unsure after reading the message, your contact is only a phone call away. (Nerds on Site)
Teach your Team SLAM
Phishing attacks are only growing smarter and more frequent, and the SLAM method is a great way to get employees up to speed in a way that they’ll remember. Your team members – not your software – are your first line of defense against cyberattacks.