IT professionals spend their time (and the company’s money) creating the most secure environment possible for businesses to do business. But there is one key component of cyber security that often gets overlooked — people. That means all the people who interact with your company’s technology from employees to clients to visitors using your WiFi.
And cyber criminals know it. That’s why attacks with computer viruses, which can be stopped with technology, have given way to phishing attacks.
Phishing sounds like fishing for a reason. These are attempts to lure people into taking an action that lets cyber criminals into your company’s systems. But people can learn not to take the bait, and a little training can go a long way to making your company more secure.
That’s why you should warn your staff about these five common phishing scams of 2020 reported recently by betanews.
This is an email scam, but also involves look-alike websites. The employee receives an email that appears to be from a vendor or company that your company does business with. It might mention a delinquent account or say the account was frozen for fraud — something that makes the user think “uh, I better deal with this NOW.”
Clicking links in the email seems to go to a familiar site. Company logos, colors and designs are used or mimicked. All of this is to make your employee feel safe when prompted to sign in or verify their banking details, which is when data is captured that can be used to breach the company’s security. Of course, individuals and personal accounts are also targets of spear phishing.
Smishing, vishing and angler phishing
Smishing and vishing are just like spear phishing except they don’t start with an email. Smishing begins with a text message while vishing starts with a phone call. Angler fishing directs people with access to your social channels to login on fake urls and cloned websites so cyber thieves can capture those login details.
But the idea is the same, to lure the person into giving up information by posing as a reputable and familiar business.
If you work for a company and get an email from the CEO asking you to pay a bill, send him or her a document or take some other action, your first instinct is to do it. Fast. Cyber criminals use this impulse to their advantage by making emails seem like they are coming from a company officer or leader. This is called whaling.
The role of social media
You know those verification questions you are always asked to provide when setting up an account? Mother’s maiden name, high school mascot, first pet… and the like? Have you ever posted something on social media that would give cyber criminals the answers to those questions? Think about it and choose verification questions accordingly.
True cyber security doesn’t end with your IT team or managed service provider. It needs to involve the whole company and a little education goes a long way. You’ll be helping your business and helping all of your staff recognize and avoid cyber attacks in their personal lives. If you need help or ideas to get started, give your Convergence Networks account team a call. We’re here to help. Not a client? Contact us.