Spear phishing has become a leading way hackers gain access to business systems and data. They use natural human familiarity as the weakness. You receive an e-mail from an executive within your company. Will you take the time to second guess the sender? Will you hesitate clicking a link or an attachment that is deemed important by this person? Likely not. Even those who know the risks and precautions may easily fall victim to this type of hack. It thrives on the information that is already available to the hacker. They find out enough about you to make the e-mail not only look like it is from someone you know, but also include information within the e-mail that will reinforce this familiarity, such as referring to a project or another team member.
For a business to try and fight against this type of hack, employee communication is important. In 2014, 56% of those polled by Dark Reading cited “lack of employee awareness” as the most dangerous social engineering threat to organizations. Consistent training and constant communication will give employees the tools to proactively question an e-mail they receive.
Avoiding the most obvious risk should be lesson number one. No matter who the e-mail is from, even the CEO of the company, make sure employees know not to give out information such as passwords or business account numbers. They should question and verify the e-mail when this type of information is requested at any time. You can no longer trust an obvious phishing sign like a request from a foreign national looking for money. Spear phishing takes the extra effort to look past the initial information in the e-mail into the overall intention.
As always, make sure your employees know to think before clicking a URL or downloading any files. Today, malicious attachments come in all types, not just .exe files, and URLs may lead them to a Web site that looks legit but is actually a phishing site that will then request confidential information, such as logon credentials. It is easy to verify a domain or run a scan on an attachment, so users should know the necessary steps of verification.
Lastly, recommend that your company take precautions when it comes to cybersecurity. Instead of large, all-in-one product add-on tools that just give you a small, top-level view of activity, recommend that your company use the most targeted security tools available. To mitigate security risks, this should include the ability to proactively block malicious URLs, discover and analyze Shadow IT and cloud services, and supply comprehensive drill-down reporting on Web-access activity for your entire distributed workforce.
Wavecrest Computing has been the recognized leader in Web Security for over 19 years with CyBlock and Cyfin Solutions. These scalable filtering and forensic reporting analysis products are designed to enable organizations to successfully address Internet abuse, legal liability, shadow IT, workforce productivity, and Web security threats. FREE bandwidth audit available!