In this digital era, our security is always in danger. There is an invisible war between hackers and information security experts. Every year hackers find new and more sophisticated ways to steal our sensitive data, personal information, and money, compromising our way of life. The financial damage of cybercrimes is estimated at billions of dollars. In the U.S. alone, the cyber-fraud losses were estimated at $16.8 billion, with an estimated 16.7 million victims in 2017. Hackers attack everyone: individuals, businesses, and even governments. In this post, we are going to focus on one of the most common security challenges that both individuals and companies face in keeping their information and data secure: phishing attacks.
What is phishing?
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers, or to coerce a person into sending sensitive information or funds to the attackers. It occurs when an attacker, masquerading as a trusted and sometimes familiar entity, convinces a victim to open an email, instant message, web site, or text message. The recipient is then tricked into opening a malicious link, which can lead to a seamless installation of malware. This may then result in the system being frozen as part of a ransomware attack or in the exposure of sensitive information. Many such attacks exploit vulnerabilities known as “zero day exploits”, which have not yet been patched by operating system and other software manufacturers. Antivirus software can sometimes be effective, but oftentimes even the best antivirus will not catch a sophisticated attacker when the user themselves clicks a wrong button without thinking.
One of Akvelon’s areas of focus and expertise is information security consulting. Our experts have developed and implemented a training system that educates corporate users about phishing attacks and promotes safe computer practices. This training proved to be effective in demonstrating the dangers of phishing and raising employees’ awareness of the different ways their sensitive data may be compromised.
The system consists of 2 stages. During the first stage, your employees will take a 30-minute online course and will review the phishing prevention plan. This plan includes instructions on how to improve the security of your internal communications and practical tips for your workers and administration. The second stage is a simulated phishing attack. Each employee will receive a legitimate-looking email from another employee, typically their superior. These emails are sent at random times and contain different types of requests.
How do you protect yourself from phishing attacks?
The first thing to remember is that phishing is a type of social engineering attack. Anyone, even some security experts themselves, can fall into this trap without realizing it initially. There is always a risk that your employees may not notice a wrong character in an email or another irregularity in a routine business request. Our security experts recommend that IT departments implement the following policies:
- Do not post examples of corporate email on social networks. Hackers can use them to learn the format of your emails.
- Consider internal training within your organization. It only takes one person for a phishing attack to be effective. If that person is an employee in your business, you now face the risk of malware downloaded inside your company’s firewall.
- Corporate web applications should be checked for vulnerabilities. Always ensure that your computers are equipped with the latest security patches and virus signatures to reduce the chance of being affected by fraudulent emails or websites relying on software vulnerabilities. This also helps to protect your computer from other security or virus attacks.
- Use two-factor authentication (2FA). 2FA is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to sensitive applications. 2FA relies on users having two things: something they know, such as a password and user name, and something they have, such as their smartphones. Even when employees are compromised, 2FA prevents the use of their compromised credentials, since these alone are insufficient to gain entry.
- Administrators must configure the mail server so that it does not accept fake emails. All email applications provide IT administrators the option to configure spam filters; however, there is a fine line between stopping malicious emails or spam and blocking legitimate emails that could impact your organization’s business!
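The "wrong character in an email" that employees may miss can also be caught mechanically. The following is an added example, not Akvelon's code or part of the original post: a sender check a mail filter could apply to flag domains that sit one character, or one look-alike character, away from the corporate domain. The domain `example.com`, the confusables map, the distance threshold and all function names are assumptions made for illustration.

```python
import unicodedata
from email.utils import parseaddr

CORPORATE_DOMAIN = "example.com"  # assumption: placeholder for the real mail domain

# Constructed, deliberately small map of characters often mistaken for ASCII letters.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "\u0430": "a",
               "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def skeleton(domain):
    """Fold a domain to a comparison form: lower case, no accents, no confusables."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    return text.replace("rn", "m")  # "rn" renders like "m" in many fonts

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=CORPORATE_DOMAIN, max_distance=1):
    """Return 'internal', 'lookalike', 'external' or 'invalid' for a From header.

    An exact match can still be forged; this only catches near-miss domains.
    """
    _, address = parseaddr(from_header)
    _, at, domain = address.lower().rpartition("@")
    if not at or not domain:
        return "invalid"
    if domain == trusted:
        return "internal"
    if edit_distance(skeleton(domain), skeleton(trusted)) <= max_distance:
        return "lookalike"
    return "external"

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ["CEO <ceo@examp1e.com>", "Billing <billing@example.com>",
                   "IT <it@exarnple.com>", "Sales <sales@partner.org>"]:
        print(f"{classify_sender(header):9} {header}")
```

Messages classified as `lookalike` are candidates for quarantine or a warning banner rather than silent delivery; raising `max_distance` catches more typo domains at the cost of more false positives on short domain names.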
Akvelon is here to help
Despite the human factor, there are also technical tools available to reduce the risk of phishing attacks. Those include advanced firewalls and antivirus software, anti-spam, anti-spy software, and spam filters for your email. To help your organization avoid the damage that could be caused by phishing and other cybercrimes, Akvelon provides an array of services that are dedicated to helping organizations educate their employees and make their software safer. Akvelon also provides testing of your systems and apps for vulnerabilities, web and content filtering, log management, and onsite and offsite data protection solutions. Our specialists cover all security needs of the modern company.
You take care of your business’s profits, while Akvelon takes care of you.