Data breaches and cyber hacks are more prevalent than ever before. Concerns about cyber security are absolutely warranted in today’s technological landscape. It seems like every year several of the biggest organizations lose millions of people’s data.
How can we stop these kinds of attacks from happening to our own business? Well, one of the best ways is just by building cyber security awareness into your culture.
When people think of someone hacking a business, they picture either a skilled hacker on television coordinating an advanced attack while slamming away on a keyboard, or someone sitting in a dark room eating Doritos. As frightening as the first description sounds, it’s probably the second person who brought down your business.
This is because most cyber attacks are not extremely advanced. Well, they don’t start that way anyway.
The vast majority of cyber attacks begin as a phishing attempt. If you know how to spot phishing attempts, you will be far better equipped to fight hacking.
What is Phishing and Why is It Dangerous?
Phishing is when someone sends out fraudulent communications to get someone to give away personal information. This information could be credit cards, bank information, or other things needed to steal your data.
Phishing is highly effective. A good example of a phishing scam that everyone knows is the Nigerian Prince scam. He asks for your bank info so he can send you millions, but once you give the information over he steals your money.
This has become ingrained in our collective consciousness, but not all scams are as easy to spot.
One common thing that you might see is an email from a social media platform like Facebook. You might have an email saying that your account was compromised, and that you need to log in to confirm your identity.
To most people this sounds totally normal. However, upon closer inspection you might notice that a few details don’t look right on the homepage. This is because what you thought was real was actually a fake page created to get you to enter your data. Once you enter your password, the attacker can log into your account and change everything.
Attacks like this are becoming more advanced and harder to spot. The biggest trouble is that the attacker does not have to do much.
They can simply send out 300 emails just like the one described above and then wait. Chances are, one of those 300 recipients is going to fall for the scam. Then the attacker strikes.
If the target in this example were not a Facebook account but credentials for a large organization, you would be in big trouble. It only takes one breach for someone to start causing massive problems. Once inside your network, they could add malware that could ruin your whole business.
How Do I Fight Phishing?
Phishing is extremely difficult to combat. It is not a file or something that can be detected with software. It is much more like social engineering than it is like computer science. For this reason, phishing is something that can only be fought with awareness.
A good tactic is to brush up on common phishing practices. You want to be able to spot suspicious things like the Nigerian Prince without having to think about it too much.
There are definitely common trends with phishing.
- Unexpected emails from trusted sources
- Getting asked oddly specific questions
- Deals that are too good to be true
Things like these are common because they get people to believe the trick. However, once you are more aware of the scams, they are easier to spot.
Another good tactic is to work with a professional team. Most managed service providers will offer some kind of online security basics class for your organization. This can help show your team some of the common examples, and some of the growing trends to keep an eye on.
When it comes to phishing and protecting your business, knowledge is power. Don’t wait until you become the next victim of a phishing scam!