I had the opportunity to go camping with my family this past summer. It was a great little adventure, and when I asked my 6-year-old son what his favorite part of the trip was, he said fishing.
It got me thinking that as business owners, managers, employees, and individuals we are subject to phishing attempts multiple times a day. My son was so excited that he caught his first fish on our trip. I’ll always remember the excitement in his eyes as we reeled in that little 4-inch sunny (that we released). He then proceeded to catch about 5 more, and much to my wife’s and my amusement, one was deemed big enough to keep and take back for dinner! Imagine how excited scammers are when they get a few nibbles and eventually hook a phish!
With ubiquitous wifi at every coffee shop, airport, and even many downtown areas, there are an unlimited number of hackers and scammers out there phishing for your corporate, personal, and employee information. Some of these attempts are geared to get very small pieces of information, seemingly not too important. They allow a scammer to understand how a company “talks” internally, including names and emails of key department heads. They are able to build a corporate profile and can impersonate an internal employee.
Other cyber threats are more obvious if you know what to look for. Sadly though, some of these phishing ploys are well thought out and many unsuspecting users fall for them. One popular phishing scam is a fake email from a big bank saying your account was compromised and you need to log in through this special link to update all your information and confirm your personal details. Many of these are very well thought out and catch some big fish!
And of course, we have ransomware (crypto viruses), malware, advertising bots etc. that can get onto our laptops and tablets and then find their way into company servers where they cost businesses millions of dollars a year in lost data, paid ransoms and time to rebuild systems.
And to clear up a few scams, Microsoft or the IRS will NEVER call you asking for your personal information or to log in to your PC to do a free update to Windows or your processor. Never! Ever! Not happening!
Imagine if there were a super smart fish (some really are). This fish learned that hooks and plastic lures and glowing colored fake salmon egg balls are bad. This fish learned to avoid such lures and bait. Compared to other fish that did not know what this fish did, who would have the best chance of not falling for a fishing lure? Obviously, the fish that learned a bit about the lures and traps used by those trying to catch it.
The same goes for us. Many phishing ploys are reasonably easy to identify and avoid if you learn what to look for, and learn the common lures and bait used to trick unsuspecting users. Hackers and phishers go for volume. Don’t do what the masses do; learn to protect yourself and your organization.
Some of the well-known email scams have even made it into pop culture and are the butt of comedians’ jokes, like the one where a rich prince or businessman in the Middle East or Africa needs you to help him get his funds into the USA, and if you share your bank info, he will share his wealth with you. You just need to fund the account with $X and confirm your brokerage account info and you will be rewarded handsomely. As crazy as this sounds to most people reading this, I have a very good friend whose father fell for one of these and it wiped out most of his retirement.
To see some recent cybersecurity hacking successes that compromised surprisingly large organizations, you can check out our previous post from a few months ago about recent cyber attacks. There are many more since that list was published not that long ago.
By learning what to avoid, you can save yourself and your company a lot of money, time and lost data. At DTS we launched a product earlier this year that helps companies train their employees on how to identify and avoid common and some not so common cybersecurity attacks including phishing, malware and more. You can learn more about our Cyber Security Service here.
We do this through a series of online videos and courses and we quiz and test users to see if they understand the training. If they do not pass, we have them review the training until they understand it. We also send periodic fake phishing attacks to see if they can identify and avoid them in real life.
We also have higher cybersecurity options that can go far beyond what traditional IT companies offer their clients regarding network and data protection. Edge security was the gold standard in data protection, meaning if your network perimeter was protected, and nothing could get in through your routers and firewalls etc. you were good. This is not the case today and has not been for quite some time. We now routinely set up advanced threat monitoring protocols including behavioral-based monitoring for clients that are concerned with data breaches (internally or externally).
Behavioral-based monitoring goes beyond monitoring for a virus or trojan or even a rogue corporate spy. It flips the equation to ask what behavior is normal, and what we do if we detect abnormal behavior. For example, an employee has access to a database with sensitive client data. As part of their job they may access 50 to 200 records a day. If we detect that this employee’s login is accessing 300 records in 30 seconds, we know this is not normal, and we shut down that process and send out an alert to determine if this was a legitimate data retrieval call or a data breach.
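The record-access example above can be expressed as a sliding-window check over an access log. The following is an added illustration, not DTS's product code: the log format (`timestamp user record_id`), the function names and the sample data are constructed, and the thresholds are taken from the numbers in the paragraph (300 reads in 30 seconds, and 200 reads as the top of the normal daily range).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=30)   # burst window from the example in the text
BURST_LIMIT = 300                # reads inside one window that count as abnormal
DAILY_LIMIT = 200                # upper end of the normal daily range in the text

def parse(line):
    """Parse 'ISO-timestamp user record_id' (constructed log format)."""
    ts, user, record = line.split()
    return datetime.fromisoformat(ts), user, record

def detect(lines, window=WINDOW, burst_limit=BURST_LIMIT, daily_limit=DAILY_LIMIT):
    """Return (timestamp, user, rule) alerts, at most one per user, rule and day."""
    recent = defaultdict(deque)   # user -> timestamps still inside the window
    per_day = defaultdict(int)    # (user, date) -> records read that day
    raised = set()                # (user, rule, date) already alerted
    alerts = []
    for ts, user, _record in sorted(map(parse, lines)):
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:         # drop reads older than the window
            q.popleft()
        per_day[(user, ts.date())] += 1
        checks = (("burst", len(q) >= burst_limit),
                  ("daily", per_day[(user, ts.date())] > daily_limit))
        for rule, hit in checks:
            key = (user, rule, ts.date())
            if hit and key not in raised:  # alert once, not on every later read
                raised.add(key)
                alerts.append((ts, user, rule))
    return alerts

def sample_log():
    """Constructed data: alice reads 120 records across a workday,
    bob's login reads 300 records in under 30 seconds."""
    start = datetime(2024, 1, 8, 9, 0, 0)
    lines = [f"{(start + timedelta(minutes=4 * i)).isoformat()} alice rec{i}"
             for i in range(120)]
    burst = datetime(2024, 1, 8, 14, 0, 0)
    lines += [f"{(burst + timedelta(milliseconds=90 * i)).isoformat()} bob rec{i}"
              for i in range(300)]
    return lines

if __name__ == "__main__":
    for ts, user, rule in detect(sample_log()):
        print(ts.isoformat(), user, rule)
```

The detector only reports; shutting down the offending process and routing the alert for review, as described above, would be handled by whatever response tooling sits behind it.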
Remember that not all data security threats are external. Some threats are internal, and some are intentional. A business needs to think proactively about protecting their data. If sensitive data is successfully breached, fines and lawsuits are getting increasingly more expensive.
If you would like to talk to us more about advanced cybersecurity for your organization please call us or fill in our contact form and we will set up a call or in-person visit to discuss your concerns further. You can find our contact information here.