Posts

5 things every employee in your company needs to know about phishing attacks

First things first, just to make sure we’re all on the same page.

Phishing is a type of cybersecurity attack. Someone impersonates a legitimate entity to try to persuade the recipient to hand over sensitive information. Most phishing happens via email.

Compared to other forms of hacking, phishing is quite easy to execute. In fact, the first “phishers” used AOL in the 1990s to get information from unsuspecting AOL users. These attacks were painfully simple. But here’s the kicker. They didn’t differ much from phishing attacks of today!

The attackers simply pretended to be AOL employees. Even if only a few victims believed their ruse, the attack was worth it. That’s because if even one person falls for a phishing tactic, the results can be devastating.

Here are the fundamental things all your employees need to know to protect your company from phishing attacks.

1. Phishing can happen anywhere

While most people think of phishing as occurring exclusively via email, it can also happen on social media sites, in messaging apps, and through any method of online communication.

If your employees are communicating anywhere online, they need to make sure they really know who is at the other end.

2. Phishing can get complex

Some phishing attempts are just hackers sending out emails to a random group of people and hoping one of them will bite. But an increasing number of phishing attacks are getting more sophisticated.

In some cases, hackers will spend months or more building a relationship with the target through false social media profiles and frequent communications. This combines catfishing and phishing, forming a dangerous combination.

After a while, the target grows comfortable with the hacker and trusts them enough to share personal information.

3. Phishing costs businesses a lot

Some sources estimate that phishing attacks may cost American businesses up to $500 million per year, with thousands of businesses targeted and more personal consumers attacked at home.

That figure comes only from the attacks that were investigated by the FBI over a period of three years, so it is likely that the total cost to US businesses is more than that.

4. There are multiple types of phishing attacks

There are a few major types of phishing attacks. The most basic is when attackers email a random group of people and hope that a few of them will fall prey to the scam.

“Spear phishing” is a targeted attack that centers on one organization or a group of individuals. Attackers pretend to be someone from within the organization—a client or vendor—in order to infiltrate and get access to sensitive information. Some spear phishers are able to hack into organizational communication systems so the messages really do appear to be coming from the inside.

“Whaling” is when a spear phisher goes after a huge target.

5. Here’s how you can recognize phishing

There are many trademarks of a phishing attack. Educating employees about these signs can save your business a whole lot of money. Some of these may seem a bit obvious, but to those who are not as savvy, it’s important information that could stop an attack.

Phishing emails often come from addresses that seem like they could be legit. But if you examine the address more closely you’ll notice that it’s a little off. Perhaps it’s one letter off from the company’s actual name or the email address doesn’t follow the convention of other people you have met from that organization. You will find a similar situation with URLs in phishing messages.

Many phishing emails have bad spelling and improper grammar, typically due to poor translations. If it was coming from a legitimate organization, typos are possible, but not usually at the magnitude seen in phishing emails.

Finally, if a message seems too good to be true, it probably is!

Use these tips to avoid harmful phishing attacks. For more information on how to protect your business, be sure to contact your IT support partner.

5 things every employee in your company needs to know about phishing attacks

First things first, just to make sure we’re all on the same page.

Phishing is a type of cybersecurity attack. Someone impersonates a legitimate entity to try to persuade the recipient to hand over sensitive information. Most phishing happens via email.

Compared to other forms of hacking, phishing is quite easy to execute. In fact, the first “phishers” used AOL in the 1990s to get information from unsuspecting AOL users. These attacks were painfully simple. But here’s the kicker. They didn’t differ much from phishing attacks of today!

The attackers simply pretended to be AOL employees. Even if only a few victims believed their ruse, the attack was worth it. That’s because if even one person falls for a phishing tactic, the results can be devastating.

Here are the fundamental things all your employees need to know to protect your company from phishing attacks.

1. Phishing can happen anywhere

While most people think of phishing as occurring exclusively via email, it can also happen on social media sites, in messaging apps, and through any method of online communication.

If your employees are communicating anywhere online, they need to make sure they really know who is at the other end.

2. Phishing can get complex

Some phishing attempts are just hackers sending out emails to a random group of people and hoping one of them will bite. But an increasing number of phishing attacks are getting more sophisticated.

In some cases, hackers will spend months or more building a relationship with the target through false social media profiles and frequent communications. This combines catfishing and phishing, forming a dangerous combination.

After a while, the target grows comfortable with the hacker and trusts them enough to share personal information.

3. Phishing costs businesses a lot

Some sources estimate that phishing attacks may cost American businesses up to $500 million per year, with thousands of businesses targeted and more personal consumers attacked at home.

That figure comes only from the attacks that were investigated by the FBI over a period of three years, so it is likely that the total cost to US businesses is more than that.

4. There are multiple types of phishing attacks

There are a few major types of phishing attacks. The most basic is when attackers email a random group of people and hope that a few of them will fall prey to the scam.

“Spear phishing” is a targeted attack that centers on one organization or a group of individuals. Attackers pretend to be someone from within the organization—a client or vendor—in order to infiltrate and get access to sensitive information. Some spear phishers are able to hack into organizational communication systems so the messages really do appear to be coming from the inside.

“Whaling” is when a spear phisher goes after a huge target.

5. Here’s how you can recognize phishing

There are many trademarks of a phishing attack. Educating employees about these signs can save your business a whole lot of money. Some of these may seem a bit obvious, but to those who are not as savvy, it’s important information that could stop an attack.

Phishing emails often come from addresses that seem like they could be legit. But if you examine the address more closely you’ll notice that it’s a little off. Perhaps it’s one letter off from the company’s actual name or the email address doesn’t follow the convention of other people you have met from that organization. You will find a similar situation with URLs in phishing messages.

Many phishing emails have bad spelling and improper grammar, typically due to poor translations. If it was coming from a legitimate organization, typos are possible, but not usually at the magnitude seen in phishing emails.

Finally, if a message seems too good to be true, it probably is!

Use these tips to avoid harmful phishing attacks. For more information on how to protect your business, be sure to contact your IT support partner.

Data Madness: Physical and digital, ensuring that critical data stays safe

With March winding down, it is important to remember the significance of confidential corporate information. Data has been called the new oil, however, as Business Insider pointed out, this is not a great comparison. Unlike oil, more data does not intrinsically mean greater value. The nature of this information greatly matters.

So really, data is more like sediment. Some bits are just pebbles – numerous beyond count and basically interchangeable. However, certain information – like say personal identification information and dedicated analytical data – is immensely valuable. These are the gemstones, the gold, and this data must be protected.

To avoid data madness, or the immense financial and irreparable damage done by lost confidential information, follow these tips to safeguard valuable data:

"Around 23 percent of IT thefts occur in office."

Securing physical data
While many organizations worry about theft from cars, airports or other public places – not enough information is paid to a real danger: the office. According to a Kensington report, 23 percent of IT thefts occur in office. This is nearly 10 percent higher than hotels and airports.

The same report found that over a third of IT personal have no physical protection in place to prevent hardware from being stolen. Only 20 percent used locks to protect hard drives.

While organizations worry about small devices like wearables and smartphones, basic security cannot be overlooked. Companies must take steps to ensure that only employees or approved guests have access to the premises. Even then, not every worker needs universal access. Server rooms and hardware storage should be kept behind additional locks.

IT teams should also be required to keep a thorough inventory of all network-enabled data devices. This will alert the organization quickly should a theft occur. While cybersecurity grabs headlines – the importance of a good, strong physical lock cannot be overstated.

Malicious third parties are not above using simple and primitive tactics.

Protecting digital data
While physical protection is essential, cybersecurity is rising in importance. Gemalto data states that, since 2013, more than 9 billion digital records have been stolen, misplaced or simply erased without authorization. More troubling is the recent increases in data loss. Gemalto also recorded a steady rise data breach occurrence and a dramatic uptick in misplaced or stolen information.

Cybercriminals adapt quickly and their tools are constantly evolving. Deloitte released a report chronicling the increasing tenacity and sophistication of ransomware, a disturbing cyberattack that strips away essential data access from organizations and charges them to get it back. Infamous attacks like WannaCry made headlines last year and unfortunately these incidents are expected to become more common.

When enhancing cybersecurity, take a company-wide approach. Every employee with network access needs to be educated on basic risks. Network administrators should also structure internet connectivity to run on the principle of least privilege. As with the physical server room, not every employee needs access to every file. Permissions should be given sparingly.

Lastly, businesses need a concrete plan if and when a data breach do occur so that they may respond efficiently and swiftly to contain the attack. 

Finding  the point of breach quickly can reduce the damage done by cybercriminals. Finding the point of breach quickly can reduce the damage done by cybercriminals.

The Cloud Advantage
One of the reasons that cloud services are so popular is that they alleviate certain cybersecurity concerns. Many businesses, especially smaller organizations, have budget restrictions, whereas a cloud services provider like Microsoft annually invests $1 billion in cybersecurity, according to Reuters.

Handing off information security concerns to a trusted organization with more resources is a way to help safeguard your data, backing it up so that it will never be lost or stolen by a malicious third party.