If there is one thing I’ve learned about the internet and its predators, it is that you have to protect yourself. Every day organizations are hacked and employee credentials are stolen. It’s a shame that some organizations do not seem to see the writing on the wall. Security breaches are increasing exponentially, and ransomware attacks have even shut down several healthcare systems in the last year.
Limiting user access privileges and monitoring administrator accounts can help to mitigate damage from malicious activity. We see it happen every day in the news: an employee falls prey to a phishing attack. Once they click a malicious link in an email, hackers gain a foothold in the network. Next, they pivot and gain control of more devices, making it nearly impossible to ever remove them. Some companies have gone so far as to scrap every computer and server on their network to regain control. This is known as the bare metal solution and, as you can imagine, it is incredibly expensive.
Some phishing emails request that you reset your password immediately and then send you to a website that looks identical to the real thing, where people may enter their ID and password. If a co-worker has fallen for this scam and given away their credentials, a criminal has access to their account and has potentially put the entire organization at risk.
If you or someone you know falls for a phishing attack such as this, passwords should be changed immediately. One way to thwart this type of scam is to never follow a link in an unexpected email. Always either type the web address into your browser manually or search for it on Google. Another method that helps is to use a password manager such as LastPass, which automatically detects whether a website is the real deal and inputs your credentials for you. As a bonus, it also hampers a keylogger if someone has put one on your device.
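To show why a password manager's autofill helps against a look-alike login page, here is a simplified sketch added for illustration. It is not LastPass code; the exact-origin matching rule, the vault entry and the sample addresses are all assumptions constructed for this example.

```javascript
// Simplified model of origin-bound autofill (added illustration).
// The vault entry and every URL below are constructed sample data.
const vault = [
  { origin: "https://mail.example.com", username: "alice", password: "constructed-secret" },
];

// Returns the saved login for pageUrl, or null when nothing should be filled.
function credentialsFor(pageUrl, entries = vault) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never fill
  }
  if (url.protocol !== "https:") return null; // refuse plain-HTTP pages
  // url.origin is scheme + host + port. The parser lowercases the host and
  // converts internationalized names to their "xn--" form, so a name spelled
  // with look-alike letters compares as a different string.
  return entries.find((e) => e.origin === url.origin) || null;
}

function decision(pageUrl) {
  const hit = credentialsFor(pageUrl);
  return hit ? `fill login for ${hit.username}` : "no fill";
}

const samples = [
  "https://mail.example.com/login",                    // the saved site
  "https://MAIL.example.com/reset?step=1",             // same site, other path
  "https://mail.examp1e.com/login",                    // digit 1 instead of l
  "https://mail.example.com.account-reset.test/login", // real name used as a prefix
  "https://mail.ex\u0430mple.com/login",               // Cyrillic letter in the name
  "http://mail.example.com/login",                     // not HTTPS
];
for (const s of samples) console.log(decision(s).padEnd(22), s);
```

A page can copy the look of the real site, but not its address, so only the first two samples are filled. When the manager stays silent on a page that looks familiar, that silence is the signal to stop and check the address bar.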
Protecting yourself from hackers and keeping the workplace safe is a team effort, and literally everyone must do their part. If you work in IT, you are probably thinking, “Yeah, right, getting thousands of employees to act securely.” Security Awareness Training has always fallen short until recently. Nowadays there are companies taking this issue seriously and stopping users from clicking malicious links. Since it is a well-established fact that the vast majority of security breaches occur from phishing, it would be wise for your organization to establish an effective security awareness program that addresses this issue.
A Few More Quick Tips:
● Always use the HTTPS version of a website; consider the web browser add-on “HTTPS Everywhere”
● Avoid links in email like they’re the plague
● Use PayPal for online payments
The scariest thing about all of this: hackers are attacking more frequently and targeting smaller organizations as well. Action needs to be taken today in order to address these threats.
“There are only two types of companies: those that have been hacked and those that will be.”
~ Director of the FBI, Robert S. Mueller, III