One of the Many Ways Cyber Criminals are After Your Data
Phishing sounds innocent enough, right? Echoing a relaxed pastime, phishing even has a name designed to put your guard down. Ironically, that is exactly how cyber phishing works—it’s a ploy that tricks users into relaxing their guard so criminals can gain access to valuable personal and business data. So how serious is the risk? It’s serious and very costly.
According to the 2014 Check Point Study of Global IT security and professionals (The Impact of Mobile Devices on Information Security), 75% of businesses allow users to connect their personal devices to the corporate network. While allowing connectivity enables greater employee productivity and autonomy, it’s also a big risk. The Second Annual Data Breach Industry Forecast from Experian found that “U.S. companies lost $40 billion due to unauthorized use of computers by employees in 2014.” Precious few businesses can afford the security breaches and data losses that happen when networked employees don’t know the risks and don’t follow the rules. The key to not getting caught in the nets of hackers and other cyber ne’er-do-wells is to make sure you and your entire user base know the phishing game and exactly how to avoid it.
How Phishing Works
Phishing, currently the second most prevalent form of cyber threat according to Raytheon’s 2015 Global Megatrends in Cybersecurity, is a method cyber attackers use to try to gain key digital information, such as login credentials or user information. How do they do it? By imitating a legitimate entity or person. A user might receive an email or text that looks like it comes from a person or organization they know, such as a good friend or the bank they use. They might see an advertisement that intrigues them, but turns out to be a sham. The user will either follow the felonious link or deliver the information the criminal is requesting because the email, text or advertisement looks legitimate from their end.
What makes phishing so effective is that it plays on our intuition to click on links, buttons and ads. Technology has programmed us to automatically follow links for more information and phishing scams prey on that programming. People often click before they think, which is why phishing has become such an effective tool for cyber criminals looking to get ahold of credit card and bank account numbers, usernames, passwords and other financial information.
Want to Protect Your Business? Go Back to Basics
To avoid the security, money and time costs that come with phishing attacks, businesses don’t have to go far from what they already know. In fact, they should start by going back to some tried and true basics, including these three:
- Educate Users – Take time to better educate your employees and networked partners on how phishing and other cyber scams work. Information is a powerful tool and employees who understand the risks and pitfalls are better armed to protect your network and become a partner in your security success. You can even run tests (leveraging managed phishing services) to see how employees react to a false phishing campaign and demonstrate the risks.
- Eliminate DNS Blind-spots – Here’s an example where you don’t have to drop six figures in order to drastically increase security. Leverage secure DNS services in order to gain visibility into all connected devices.
- Filters and Endpoint Protection – Another small, but critical security basic is using SPAM filters (enterprise grade) and putting endpoint protection in place. You would be surprised how many businesses overlook these basic security steps and invite the phishing attacks in.
A New Frontier: UBA
In addition to these important basics, many enterprises are exploring how User Behavior Analytics (UBA) can help identify attacks as they are occurring. Innovative and proactive, UBA uses advanced algorithms to spot patterns in user behavior that look suspicious. Credit card companies use UBA to identify when their customers’ cards and data have been stolen. Enterprises can use the same technology to monitor security threats. For example, when the UBA program sees a user initiating a large data copy, it identifies the likely explanations: either 1) the user’s data was stolen or 2) the user is quitting/has been fired. With UBA, businesses can detect user impersonation quickly and shut down attacks when or before they occur.
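To make the large-data-copy case concrete, here is an added example (not from the original article or from any UBA product) that compares each user's daily copy volume with that user's own history using a median/MAD modified z-score. The event records, the MB figures, the 3.5 threshold and the five-day minimum history are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events: (user, day, MB copied that day). Not real data.
EVENTS = [
    ("alice", d, mb) for d, mb in enumerate([120, 95, 140, 110, 130, 105, 125], 1)
] + [
    ("bob", d, mb) for d, mb in enumerate([300, 280, 310, 295, 305, 290, 9000], 1)
]


def robust_z(history, value):
    """Modified z-score of value against history (median and MAD based)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # Flat history: no change scores 0, any change is maximally unusual.
        return 0.0 if value == med else float("inf")
    # 0.6745 scales MAD so the score is comparable to a standard z-score.
    return 0.6745 * (value - med) / mad


def flag_large_copies(events, threshold=3.5, min_history=5):
    """Return (user, day, mb) for days far above the user's own baseline."""
    baseline = defaultdict(list)
    alerts = []
    for user, day, mb in sorted(events, key=lambda e: (e[0], e[1])):
        history = baseline[user]
        # Only score users with enough history to form a baseline.
        if len(history) >= min_history and robust_z(history, mb) > threshold:
            alerts.append((user, day, mb))
            # Keep flagged days out of the baseline so a sustained
            # bulk copy keeps alerting instead of becoming "normal".
            continue
        history.append(mb)
    return alerts


if __name__ == "__main__":
    for user, day, mb in flag_large_copies(EVENTS):
        print(f"ALERT user={user} day={day} copied={mb}MB (far above baseline)")
```

An alert of this kind only says the behavior is unusual for that account; deciding between the two explanations above still takes an analyst with HR and access-log context.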
Don’t Fear Phishing: Fight It
Like most security threats, getting and staying ahead of the curve is the key. A business that stays strong on the basics (user education and strong DNS, SPAM and endpoint protection) and finds ways to incorporate security innovations such as UBA can protect itself from phishing threats and remain alert to ever-evolving digital threats.