The bad guys have access to your company data and guess what? They didn’t hack their way into your system. You, or one of your employees, let them in.
Phishing attempts use deception to steal sensitive information about your business through email, telephone, text messages, and social media. These schemes use two methods. Social engineering gains the trust of an employee to provide information. Precision-targeting, called spear phishing, uses public information to communicate with employees to appear as a legitimate request. Attackers are using these methods to steal information like usernames and passwords, financial data like credit card numbers, and phone numbers to bypass two-factor identification.
With this method of malicious data collection, all employees should be careful when entering passwords, sharing sensitive information, and downloading files. The old, very obvious, attempts have gone by the wayside. Hackers are now sending sophisticated messages to employees that appear real. For example, fake emails that look identical to trusted service providers will redirect to a spoofed website that requires an employee to enter their username and password. When the employee “logs in” they are giving attackers their credentials.
As a smaller organization with more limited IT support, we recommend the following tips to keep your company data safe.
The IT team at Total Solutions can provide security solutions and in-depth training for employees at your organization. Our experts will put together a customized program that focuses on the vulnerabilities in your industry and fits within a time frame that works for the schedules of your employees. When it comes to Phishing attempts, the best prevention is knowledge. Knowing the signals of a scheme and having secure measures in place will help your business avoid handing over valuable company information to hackers.
Submitted by Steve Kratz, Sr. Systems Engineer