[BreachExchange] Why your employees are integral to tackling cyber threat
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Mar 28 18:57:41 EDT 2017
http://www.belfasttelegraph.co.uk/business/help-advice/why-your-employees-are-integral-to-tackling-cyber-threat-35568834.html

In a recent article, I addressed the risks to a company from within. There
are also inherent external threats that, as technology advances, become
more sophisticated and difficult to spot internally.

In today's society, there is increasing pressure to store more and more
information online, whether personally, such as on Facebook or in iCloud
storage, or professionally, such as on LinkedIn or in cloud computing.

Fraudsters can use this information to infiltrate your internal systems and
manipulate employees in what is termed 'social engineering'.

A common example would be fraudsters identifying key decision-makers within
a company, such as finance personnel, and using this information to trick
employees or customers into making payments or transfers. Social
engineering does not require elaborate techniques or highly technical
equipment.

Another fraud trend is emails sent to individuals which are similar in
format, logos and layout to those of the purported sender, which is
usually a recognised brand or body. Recently reported examples include
Amazon and HMRC. The emails usually require users to log into their
accounts, resulting in fraudsters gaining access to their personal
information.

These phishing emails are becoming more difficult to identify and, as such,
it is important that staff in your organisation are trained to spot them.

Simple techniques can help protect your company from this type of threat,
such as cross-checking the email address against the sender, ensuring it is
a recognised email address, or seeking independent verification with regard
to any request for information or payment, for example by confirming the
genuine nature of the email via a telephone call to a known contact in the
sending company.

Another technique used by fraudsters to gain access to your company's
information is to target your employees by including malicious hyperlinks
within the body of emails.

These hyperlinks can be passed on unknowingly through a number of mediums,
such as between email recipients, in Facebook posts and in instant
messages. It is important that employees are aware of the risks associated
with opening unknown links. By clicking on these links, employees may
release malware (malicious software), such as ransomware, into your
company's systems, restricting access to those systems until a ransom is
paid.

These types of external threats are not confined to multinational
corporations. Fraudsters attack businesses of all sizes, exerting
relatively minimal effort for high returns.

Therefore, it is important that a culture exists within your organisation
which encourages employees to raise any concerns regarding potentially
malicious emails or suspicious activity with a nominated and easily
contactable representative.

Unfortunately, there is no quick fix or magic software to completely
protect your company's information from these types of threats. Only by
ensuring your employee training and internal policies are reviewed and
updated on a regular basis, along with employing appropriate IT
infrastructure, will you be able to mitigate the loss to your company from
these external threats.