Experts are often asked what is the biggest threat to cyber security and many answers may be given. If you ask the Secretary of Homeland Security, Jeh Johnson, you will hear something that may surprise you. Sure, if you hook up any device to the Internet, it is likely that someone will start attacking immediately with something for various reasons. But to Johnson, the biggest threat is good old reliable phishing.
Why is this? Because it’s tried and true. It is what catches out many with sometimes very painful results. In fact, it is how hackers were able to leak information from the Hillary Clinton campaign. It’s how Sony Pictures was so famously thrust into the cyber security spotlight, how the Target breach occurred, and how the “bad guys” ended up acquiring very sensitive information on over 21 million people in the Office of Personnel Management (OPM) incident.
It is increasingly critical that everyone knows how to determine if an email message is indeed phishing. It’s not so easy to just look at it and make that call anymore; we will give you that. However, it isn’t impossible either. Most of the time, we can rely on our own intuition. If whatever the message is asking or claiming seems “phishy” or just sounds too good to be true, it is. It really is that simple.
Remember that if you receive an email that you are not expecting, regardless of who sent it, it should always be met with a bit of suspicion. And if it comes from a company like Google or your financial institution claiming something has changed or is amiss with your account, don’t click links or attachments to figure it out. Instead, log in directly to your account using a previously bookmarked link that you know to be safe or by typing the address of the site into the browser. You can see communications or check information that way and feel good about it.
If you are a business, always make sure your employees, staff, and contractors are educated on phishing. Homeland Security tests its people by sending phishing emails promising a big prize. The email asked them to click a link and if they did, there were instructions on where they could go to pick up their prize. When they got there, not only were they disappointed to not get their promised football game tickets, but they also got a lesson on cyber security.
While implementing security tools is also a good idea and well worth the money and effort to protect your home or office network, it should not be the only tool in the toolbox. Always include a cyber security training program for everyone that connects to the Internet. This means spending some time teaching kids and all new Internet users how to browse safely.
Cyber criminals are turning to phishing more often these days not to infiltrate networks, but to capitalize on the gullibility of the human race for a quick buck. Now that means getting ransomware onto those computers. In fact, according to security company PhishMe, more than 97% of the phishing emails they analyzed contain ransomware. So rather than paying up because some nefarious person has encrypted your data, keep current backups of your files. This will allow you to quickly put them back online without sacrificing your hard-earned cash or getting your company into the news for a breach.
© Copyright 2017 Stickley on Security