Many companies and government organizations are being scammed into wiring money to fake banks. This is not a new issue. Even in 2019, spear phishing is still a common problem.
The purpose of phishing is to collect sensitive information with the intention of using that information to gain access to otherwise protected data, networks, etc.
$700,000 phishing theft in Naples, FL
In August 2019, the city of Naples, on the west coast of Florida, was phished into transferring $700,000 from a large construction project. The funds were associated with a construction project to renovate 8th Street South. Security tools are important, but there is a common defense that is being overlooked.
One Mistake Companies Make That Leaves Them Vulnerable To Cyber Attacks
- Failing to train employees on their role in information security.
- Having the right tools in place is critical. Careless internet browsing is another big problem. But the most common mistake is not educating employees on how to spot a threat.
- An attacker’s success hinges upon establishing trust with its victims and then obtaining protected information via phishing.
What phishing techniques are used by attackers?
- Including a link in an email that redirects your employee to a non-secure website that requests sensitive information
- Installing a virus through a malicious email attachment or ad, which allows the intruder to exploit vulnerabilities and obtain sensitive information
- Spoofing the sender address in an email to appear as a reputable source and request sensitive information
- Social Engineering – Attempting to obtain company information over the phone by impersonating a known company vendor or partner.
9 steps a company should take to protect itself against phishing
- Educate your employees and conduct training sessions with mock phishing scenarios.
- Deploy a SPAM filter that detects viruses, blank senders, etc.
- Keep all systems current with the latest security patches and updates.
- Install an antivirus, anti-malware or equivalent solution, schedule signature updates, and monitor the antivirus status on all equipment.
- Develop a security policy that includes but isn’t limited to password expiration, password length and complexity.
- Deploy a web filter to block malicious websites.
- Encrypt sensitive company information when sharing over the internet.
- Convert HTML email into text-only email messages or disable HTML email messages.
- Require encrypted connections to the trusted network for employees who are teleworking.
As a result, when attackers get past the security systems, educated users can still prevent the company's information from being exploited.
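The sketch below is an added example, not part of the original article. It shows how a mail filter could flag three of the signs listed above: a blank sender, a Reply-To or Return-Path domain that does not match the From address, and links to non-HTTPS sites in an HTML message. The sample message, its domains, and the function names are constructed for illustration, and the checks are simple heuristics rather than a complete spam filter.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (all names and domains are made up).
SAMPLE = """\
From: "Accounts Payable" <ap@contractor.example>
Reply-To: ap@contractor-billing.example
Return-Path: <bounce@contractor.example>
Subject: Updated wire instructions
Content-Type: text/html; charset="utf-8"

<p>Confirm the new account <a href="http://pay.contractor-billing.example/">here</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw):
    """Return warning strings for one raw message (illustrative checks only)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = domain(msg["From"])
    if not from_dom:
        findings.append("blank or unparseable sender")
    for hdr in ("Reply-To", "Return-Path"):
        other = domain(msg[hdr])
        if from_dom and other and other != from_dom:
            findings.append(f"{hdr} domain differs from From: {other}")
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        links = LinkCollector()
        links.feed(html.get_content())
        findings += [f"non-HTTPS link: {h}" for h in links.hrefs
                     if urlparse(h).scheme == "http"]
    return findings
```

Calling `triage(SAMPLE)` returns two warnings for the constructed message: the mismatched Reply-To domain and the plain-HTTP link.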