Security concern – Cyber Awareness

The internet as we know it is our best friend! We cannot imagine our world without being connected. Used improperly, it can also turn out to be our enemy! There are all kinds of people out there – it is
important to be aware of cybercriminals who can attack your personal mobile, office computer, personal computer, servers, et all. The following note is intended to create more awareness about
cybersecurity. This is very important that ALL OF US follow the guidelines without exception!

Everyone (yes, every. single. person.) in Peepaldesign needs to know what hackers are trying to do, and what role you all can play in stopping them.

In an effort further, enhance our company’s cyber defences, we want to highlight a common cyber-attack that everyone should be aware of – Ransomware.

Ransomware is increasingly being used by hackers to extort money from companies. Ransomware is a type of malicious software that takes over your computer and prevents you from accessing files until you pay a
ransom.

Although we maintain controls to help protect our networks and computers from this type of attack, with the quickly changing attack scenarios we rely on you to be our first line of defense. Here are some simple things you can do to help avoid a ransomware/malware attack:

1. Think Before You Click: The most common way ransomware enters corporate networks is through email.
2. If Something Seems Wrong, Notify IT: If your computer is infected with ransomware, you will typically be
   locked out of all programs and a “ransom screen” will appear. In the
   unfortunate event that you click a link or attachment that you suspect
   is malware or ransomware, please notify IT immediately.

In an effort to further enhance our company’s cyber defences, we want to highlight a common cyber-attack that everyone should be aware of – Phishing.

“Phishing” is the most common type of cyber-attack that affects organizations like ours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details.

We’ve outlined a few different types of phishing attacks to watch out for:

1. Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
2. Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number
   and refer to Peepal design in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
3. Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Using a fake domain that appears similar to ours, they look like normal emails from a high-level official of the company, typically the CEO or CFO, and ask
   you for sensitive information (including usernames and passwords).
4. Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these
   e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.  

What You must do

To avoid these phishing schemes, please observe and follow the below
email best practices:

1. Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
2. Do not provide sensitive personal information (like usernames and
   passwords) over email.
3. Watch for email senders that use suspicious or misleading domain names.
4. Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
5. Do not try to open any shared document that you’re not expecting to receive.
6. If you can’t tell if an email is legitimate or not, please inform IT.
7. Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.

Thanks for helping to keep our network, and our people, safe from these cyber threats.

Remember – All it takes is ONE attack to create havoc! Let us create an organization-wide shield that no one can penetrate.