The Devious Nature of Phishing Attacks

Phishing attacks run the gamut from easy to spot to alarmingly clever. Done well, a phishing attack looks completely legitimate. But it’s not. It’s just a vehicle for malware. Click on it, and you’ve invited malware onto your PC and into your network.

It’s easy to see why security experts are serious about stopping it.

You know the story. (Except you don’t.)

The idea of a sneak attack is nothing new. It goes all the way back to the story of the Trojan horse. But did you know that’s not the only epic historical example of an inside ambush?

In 1763, the Ojibwe people challenged the Sauks to a game of lacrosse. The game was to be held near British-occupied Fort Michilimackinac. The Ojibwe were a part of a larger alliance of native people who were concerned about Britain’s growing dominance in modern-day Canada. Having sided with the French during the Seven Years’ War, they had good reason to be concerned.

So they invited Major Etherington and his troops to watch the game. In spite of previous conflict with these very same tribes, the Major accepted. He even ordered his men to leave their weapons in the fort.

During the game, the lacrosse ball was “accidentally” lobbed toward the fort, landing right by the open gates. A group of Ojibwe women were waiting there, wrapped in thick blankets. They threw off their blankets and started handing out weapons to the players, who proceeded to attack the soldiers and take the fort.

The lesson? Be wary of strangers bearing gifts.

On the rise.

Anyone who’s had an email account for a while already knows to be cautious about email offers that look too good to be true. But what about the offers that seem legitimate? The ones that are just good enough to be interesting while still believable?

The most effective phishing attacks take advantage of that tempting range. And boy, do they work.

Not only that, but phishing is no longer limited to email. Social media phishing attacks are on the rise, too, with some estimates as high as a 500% increase toward the end of last year.

It only takes one.

On average, business users can expect to see at least one high-risk email every day.

Think about how many employees you have and consider this. If even one of them opens a phishing email or clicks on a phishing link on a social media site, your entire network is exposed.

There’s no way to completely remove the threat. Instead, avoiding successful phishing attacks comes down to educating your staff.

The three most important rules.

If you want to keep your network safe from phishing attacks, it’s critical that your employees know and abide by three fairly simple rules.

1. Be careful about where you click.

This is especially true for emails and social media sites, but it’s a good rule to apply all the time. Before a member of your staff clicks on any link online, they should stop to consider whether the link was provided by someone they trust. If not, they shouldn’t click on it.

2. Be suspicious of pop-ups.

Pop-ups capitalize on capturing attention and creating curiosity. Most of the time they’re little more than a harmless irritation. But sometimes they’re downright dangerous. Even if you trust the site you’re on, don’t extend that trust to every pop-up you encounter.

3. Be hesitant to give out personal or professional information.

It’s smart to limit how much information you give out about yourself and your company online. That’s doubly true when an email, pop-up or website asks for info you weren’t planning to share. Always check to make sure you know who you’re sharing information with before you share.

Getting full protection.

Of course, that’s just the tip of the iceberg when it comes to employee education and network security. Cyber attacks and forms of phishing change on a regular basis. If you want to make sure your network is safe, you have to stay on top of the most recent information and pass it along to your staff regularly.

Or you need to partner with a network security expert, like Certus Technologies.

The Certus team can keep you and your staff informed so you’re always two steps ahead of cyber attackers. If you’d like more information about avoiding phishing attacks or if you need a complete network security strategy, contact us today.

About The Author

Evan Berk is Managing Partner at Certus Technologies, an IT Managed and Cloud Services firm that specializes in helping clients dramatically improve their business productivity.

Evan is passionate about simplifying and demystifying complex Information Technology systems and believes that the best IT systems should make our lives easier and more productive, both in the workplace and at home. He can be contacted at or at 973-944-5000.
