Big news, folks. This week, two deeply researched reports by Verizon and Symantec Corp are being released, and what they have found about cyber security breaches is as follows:
“The vast majority of hacking attacks are successful because employees click on links in tainted emails, companies fail to apply patches to known software flaws, or technicians do not configure systems properly,” as reported by the Insurance Journal.
Boom. Basically, this means: the curtains veiling the smoke and mirrors touted by the media in order to make hackers look like geniuses can be quickly pulled back, revealing that these cyber security breaches are not all that sophisticated. When it comes down to it, it is the responsibility of the company to ensure that its IT environment is managed successfully, and that its employees understand the basic risk that is “phishing.”
Phishing is a term heard rather often in the news, but do you actually know what it means? Phishing is the security industry’s term for trick emails. Now think about all those times you heard that term; that means there are A LOT of trick emails floating around.
While many of us may consider ourselves smarter than your average “trick email,” I’m sure that very same “us” have a handful of co-workers that will openly admit they probably wouldn’t know the difference. Let’s face it; we are not all Millennials who grew up with a free Hotmail account that ONLY received trick emails (and the occasional chain email, of course).
Here are some basic tips to consider:
1. Do you have ties with this company? Always, always, start here. Take a moment and think; do I have an account with this company? Have I done business with this company? If you get an email from UPS asking for information – have you personally just shipped a package from UPS? Even if you have – they won’t ask you for info over email, but that’s another story. Just take a moment to think about if it has anything to do with you. This can eliminate a ton of issues right here.
2. Be suspicious of any email with “urgent” requests for personal, account, or financial information. Emails may ask for “verification” and warn that you could risk losing your account otherwise, etc. Once again, do you even have an account with them? If so, call them up and ask if this is legitimate. But I haven’t come across a single company that asks for personal information over email this way.
3. Don’t even click on links in emails. If you aren’t sure, just type the web address into your browser yourself and log in to your account yourself. If there are any alerts or anything you should be aware of – your account will notify you once you are there.
4. Don’t download or open attachments. Unless you know it’s that report you’ve been waiting on from Bob over in accounting – don’t even do it. If you don’t recognize the sender or know exactly what it is about – don’t open it.
5. Don’t send any personal information via email, period. Just don’t even fill out forms in emails. It’s so widely understood to be a security threat to ask for information via email that companies just do not do it. Even if you click on something (which you won’t because of #3) in an email that takes you to a web page with a form to fill out – just don’t do it.
6. Report suspicious emails. All of our customers should forward suspicious emails to the Support team so the proper steps can be taken if it is a threat. (Even if it turns out to be OK, we are happy to help.)
7. Lastly, help each other out! If you have a co-worker that may not be as well versed as yourself in phishing scams, go over these tips with them – tell them you’d be happy to look at any and every possibly suspicious email. And vice versa; don’t be afraid to speak up if you aren’t sure about something.
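For whoever ends up reviewing the emails reported under tip 6, here is a small Python sketch that checks one raw message against tips 2 through 5. It is an added example, not code from the reports or from our Support team; the keyword lists, the tag names and the sample message (sender, URL, attachment) are all assumptions made up for the demo.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed keyword lists (tune for your own mail); they mirror tips 2, 3 and 5.
URGENT = re.compile(r"\b(urgent|immediately|verify|verification|suspended)\b", re.I)
PERSONAL = re.compile(r"\b(password|account|social security|credit card|bank)\b", re.I)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)
FORM = re.compile(r"<form\b", re.I)

def triage(raw):
    """Return a tag for each tip (2 to 5) that one raw email message trips."""
    msg = message_from_string(raw, policy=policy.default)
    text, has_attachment = str(msg.get("Subject", "")) + "\n", False
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no content of their own
        if part.get_content_disposition() == "attachment":
            has_attachment = True  # tip 4: flag it, never open it
        elif part.get_content_maintype() == "text":
            text += part.get_content() + "\n"
    checks = [
        ("tip2-urgent-info-request", URGENT.search(text) and PERSONAL.search(text)),
        ("tip3-contains-link", LINK.search(text)),
        ("tip4-has-attachment", has_attachment),
        ("tip5-embedded-form", FORM.search(text)),
    ]
    return [tag for tag, hit in checks if hit]

def build_sample():
    """Constructed message for the demo; the sender and URL are made up."""
    m = EmailMessage()
    m["From"] = "Billing <billing@example.test>"
    m["Subject"] = "URGENT: verify your account"
    m.set_content("Confirm your password immediately: http://login.example.test/verify")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="invoice.zip")
    return m.as_string()

if __name__ == "__main__":
    for tag in triage(build_sample()):
        print(tag)
```

A tag is a reason for a person to take a closer look, not a verdict; tip 1 (do you even have ties with this company?) still needs a human.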
Photo via: Allstate.com
Info via: Reuters.com, SEC.gov