Spear Phishing: Targeted Cyber Crime

“Phishing,” a type of cyber attack in which a hacker disguises him- or herself as a trusted source online in order to acquire sensitive information, is a common scam that can put employees and businesses at risk. However, more resourceful criminals are resorting to a modified and more sophisticated technique called “spear phishing,” in which they use personal information to pose as colleagues or other sources specific to individuals or businesses. And, when attacks contain personal information, they are much more difficult to identify as malicious.

For businesses, the potential risk of spear phishing is monumental. The 2015 Internet Security Threat Report released by Symantec Corporation, a company that specializes in security software, states that, globally, 5 out of every 6 large employers were targeted in spear phishing attacks in 2014, and that there was an average of 73 spear phishing email attacks per day.

How to Protect Your Business

Though it is difficult to completely avoid the risk that spear phishing attacks pose, there are ways to prevent further damage to your business. For example:

  • Be cautious when you are asked to divulge personal information in an email. Even if it appears to be from a trusted source, it could be a hacker impersonating another person or group.
  • Only share personal information on secure websites or over the phone. When in a Web browser, you can ensure a website is secure when you see a lock icon in the URL bar, or when the URL begins with “https” rather than the normal “http”. The “s” stands for “secure”.
  • Some spear phishing schemes use telephone numbers, so be sure to never share information over the phone unless you initiate the call to a trusted number.
  • Never click on links or open attachments from unknown sources. Even opening a file that seems familiar can give a spear phishing attacker access to personal information stored on your device.
  • Ensure that your company’s security software is up to date. Firewalls and anti-virus software can help protect against spear phishing attacks.
  • Encourage employees to think twice about what they post online. Spear phishing hackers often obtain personal information through social media sites. Make sure that employees know how to keep this information private to protect their own security as well as that of your business.

Regularly check all online accounts and bank statements to ensure that no one has accessed them without authorization.

 

© Zywave, Inc. All rights reserved.

Information Security is Key to a Secure Remote Work Program

Allowing employees to work remotely from home or other off-site locations can increase productivity for workers, reduce costs for the company and create beneficial flexibility to keep operations going if something happens to your business’s primary physical location. However, remote work, or telecommuting, needs to be conducted carefully with the help of established company policies in order to protect workers, your clients and your company.

Information security is the largest challenge for companies with remote workers. Physical loss or theft of devices containing data or access to data is much more likely. Remote workers will usually be in possession of laptops and/or mobile data drives issued by the company to allow them to work with the same systems and information as workers located in-house. Building security, key cards and the watchful eyes of other employees will not be there to protect their equipment.

Another aspect of security to be cautious about is the use of company-issued equipment for non-work-related tasks. If laptops are accessed by family members, they could potentially download a virus or spyware. The same could happen if an employee became lax and used company equipment for personal use. Companies should also be aware of how any sensitive data or documents will be stored and disposed of. Physical printouts especially need to be disposed of properly.

To protect your employees’ and your company’s interests, be sure that all equipment requires passwords and encryption for access. A thorough policy should be established regarding the line between personal and company property and activity for remote workers to prevent missteps from happening. When establishing the employee’s remote worksite, be sure that any wireless connection is secured and that your company has a policy about using unsecured connections (such as at hotels and other public spaces) for work tasks. Companies can also set up Virtual Private Network (VPN) access for connecting to the company’s networks, to ensure that access is secure.
