Let’s Not be Fooled In April
Cybersecurity Awareness – By Ron Frechette, The Cyber Guy
For those who read our article last month, March Madness and Hacking, we discussed the history of hacking and how cybercriminals are beginning to stray away from large enterprise organizations and focus their attacks on small-midsize businesses (SMBs) and individuals, where the majority of the population lacks the basic cybersecurity know-how to prevent their business & personal data from being compromised.
Let’s face it, if we decided to get into the burglary business, are we going to target the house where the large German Shepherd and “Protected by ADT” signs can be seen in the front yard, or would we have more success targeting the houses that have no signs of security in sight? Whether it’s your home or your business, implementing the eight Cybersecurity Hygiene Tips we provided in last month’s article will serve as your “German Shepherd and ADT signs.”
Once we have security controls around the cyberspace where our business & personal data resides, the cyber thugs will most likely drive by (via phishing, scanning and/or sniffing tools) and choose to move on to targets with little or no signs of security. Unfortunately, that makes up most of the global population today.
So, for April, as we continue our journey to become more aware of how cyber criminals can wreak havoc in our lives, let’s turn our attention to learning how not to be fooled by what are known as Social Engineering and Phishing attacks.
Social Engineering is the art of manipulating people into performing certain actions that result in divulging confidential information to be used for criminal purposes. Any security professional will tell you that people are the weakest link in the security chain. No amount of ADT security signs or guard dogs will matter if we trust the person who says they are with the pest control company and we let them in without first confirming if they are legitimate. At that point, we become vulnerable to whatever risks that person or other threat may introduce to our environment.
Phishing is a form of Social Engineering. Phishing attacks fall into three major categories:
- Pretext Calling – This is a prefabricated criminal calling campaign that targets company employees. A common scenario is a person claiming to be the Help Desk/IT department needing to verify an employee’s credentials. Once access to the network has been achieved, criminals can elevate privileges and find their way to the valuable information within the network.
- Phishing Emails – These email attempts appear to come from legitimate sources such as within your own company, a popular company, bank, school, or institution. The most common email scams are Ransomware, Spear Phishing, Consumer Phishing, Data Breaches and Business Email Compromises. We will cover this in further detail in future articles.
- Tailgating – Also known as piggybacking, tailgating involves someone who lacks the proper authentication following an employee into a restricted area within a physical office building. Once in the office, they can gain access to laptops or workstations.
What are They After?
The type of information cyber criminals seek varies, but the most common are passwords and bank and credit card information. Protected health information (PHI) is by far the most valuable type of data cybercriminals seek, due to the diversity of fraud schemes they can set up with it and the data’s shelf life.
How Not to be Fooled…
- Think Before You Act. Cybercriminals want you to act first and think later. Never let urgency influence you.
- Research the facts. If the email looks like it is from a company you use, do your research.
- Curiosity leads to careless clicking. If you don’t know what the email is about, do not click any links.
- Beware of downloads. If you don’t know the sender personally and are not expecting a file from them, downloading is a mistake.
- Set Email Filters to High. Look under the settings options and set the filter to high. Remember to check your junk folder periodically.
- Secure all Computer Devices. Install endpoint security software on all devices and keep it up to date.
Cybersecurity is a Journey, Not a Destination
There are approximately 10 to 12 million new malware variants released every month. Just when we have a fix for one, cybercriminals are launching scores of new strains. As we embark further into the Digital Age, we must view cybersecurity as an ongoing journey that will require us to change course to stay safe in cyberspace. Wishing all a safe and secure journey!