Posted on Tuesday, May 08, 2018 in Cybersecurity. Blog written by Rob Swenson.
Scammers are getting more creative all the time. Consider one of the most recent phishing tricks making the rounds.
Victims receive a text asking if they had requested a password change for an email account, reports Cyberheist News. If not, victims are asked to reply with the word “stop.” Next, they are asked to confirm the six-digit numerical code they received to help stop their password from being changed.
The reality is that the scammer is the one trying to change the password, and the code the victim sends back is what lets the scammer gain access to the email account. Business employees who have not had good training might fall for the social engineering tactic.
Scammers also are fond of playing off news events such as school shootings and other emergency situations. So beware.
“Different size organizations cope with different problems, but all have employees as the weak link in their IT security,” says KnowBe4, a company that provides security-awareness services and publishes Cyberheist News.
A good source for free cybersecurity information is a publication from the U.S. Chamber of Commerce, Internet Security Essentials for Business 2.0. The 52-page publication includes information about the importance of training employees.
“Technology alone will not secure your organization and its information assets — employee education is essential to help protect company information, customer data, and employees’ own personal information at work,” according to the Chamber report. “Raise internet security awareness through a brown-bag lunch, employee newsletter, internal email, or your company’s intranet.”
Businesspeople, like consumers, are advised to think carefully before opening attachments or clicking links. If there is any doubt about the legitimacy of the message, contact the sender through a different communications channel.
The U.S. Chamber also offers a good list of cybersecurity basics that covers a range of concerns that go beyond social engineering and phishing attempts. Some of the organization’s less-obvious pieces of advice for business security include:
- Designate a person to handle cybersecurity and preparedness.
- Avoid using public Wi-Fi; use secure internet connections.
- Protect in-house access to data.
- Use trusted business partners and know how to contact them.
- Only store data that’s needed and back it up regularly.
- Dispose of unneeded data safely and securely.
Cybersecurity experts at SDN agree that employees are the weakest link in most companies’ defenses. They point out that a momentary lapse in judgment by one employee can overcome the most advanced and up-to-date networking equipment. SDN doesn’t just preach the virtues of good training; it provides training to its employees.
Multiple times a year, for example, employees at SDN’s headquarters in Sioux Falls receive fake emails designed to test their security awareness. The tests are intended to educate employees, not shame them.
As KnowBe4 stresses to clients and prospective customers, the business tradition of holding once-a-year training sessions to update employees no longer suffices. The threats of cyber theft, ransomware and data breaches are too great and always changing.
Regardless of whether they have 50 or 500 employees, small businesses are constant targets. As the U.S. Chamber advises, a business needs a good, mechanical firewall to protect its network. It also must keep software such as operating systems and web browsers up to date, and use antivirus and antispyware.
Businesses also must maintain a strong “human firewall.” That takes time and attention to detail.
Take a look at the new demonstration below to see how one wrong character in a link or domain can lead to phished credentials, giving scammers passwords and access to website accounts.