Supervisory control and data acquisition (SCADA) helps companies get information faster and more efficiently. But, as with most new technologies, SCADA can present security issues, making companies vulnerable to hacking. Within our contemporary world, we have had to adapt to these new ways that others can threaten our businesses. Cyber security is a top priority in many of today’s companies, as hacking is one of the easiest ways for an outsider to get their hands on sensitive information. SCADA cyber security can be taught and implemented company-wide, and one of the first and most important lessons is learning how to identify phishing emails.
Consider sending out fake phishing emails to your company by getting your IT team to create emails with suspicious features. These features can include a slightly altered email domain (like “gmaill.com”), advertisements embedded in the email, links that the receiver is urged to click, and more. Employees are often confused by emails that look as though they are from their supervisor, emails with a link that does not look suspicious whatsoever, and many other tricks hackers use to capitalize on SCADA vulnerabilities
If you get an email in your inbox and it’s telling you things such as: you must act within the next hour, you’re going to lose your spot if you don’t respond immediately, and they use things like all caps lettering to make it feel urgent, be wary of that email. Most things in today’s world can wait, since we are all so interconnected and have multiple ways of communicating with one another. If something is that urgent, you’ll most likely receive a phone call from someone about it.
Most emails you receive at work should be from your own work’s domain, but you may get an odd Gmail or Yahoo email every once in a while. Hackers can often be identified by domains that look slightly off, such as “gmaill.com” as aforementioned. Practice SCADA security by staying connected with your coworkers, and call your supervisor if an email comes through looking like it’s from them, but has other suspicious qualities.
Personal Information Requests
Sometimes phishing emails will urge you to enter sensitive personal information, such as your social security number or debit card number, and they will again insist that it’s time sensitive. Some emails will claim that your identity has been stolen, and that the only way for you to protect yourself is to give your social security number to this person saying that they can help you.
Links or Attachments
One of the easiest ways for hackers to gain access to your systems is if you click and open something sent to you such as a link or attachment. It’s recommended that you confirm you are receiving an email from someone you know before opening anything within said email. To test your theory, if you suspect something is off, you can try replying to the email and seeing if you get a suspicious response, or no response at all. Always contact your supervisor or your IT department if you have a bad feeling about an email, and ask coworkers if they got something similarly suspicious.