Data Security is a Human Resource Issue

Phishing attacks are becoming more successful and harder to detect, and they are slipping past the best software defenses. Phishing is on the rise and is the leading cause of a surge in ransomware attacks. This has significant business impacts. According to a survey of IT professionals by Datto, the average ransom request is roughly $4,300 and the associated average cost of downtime from a single attack is $46,800!

A phishing scam is a legitimate-looking email that asks the reader to click on a link. If clicked, the link can infect the user’s computer with malicious software that can steal passwords, logins, and other critical data.

Spear Phishing scams are fraudulent emails sent ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information. This tactic is successful because the cybercriminal gains the victim’s trust and exploits their emotions.

Another tactic is Smishing, which is a fraudulent text message. These too can be spoofed so that they appear in an existing thread with someone you trust.

Real-life examples

Email addresses can be spoofed and social engineers are sneaky. Here are some examples that illustrate how someone can mistakenly become prey:

  • Imagine you handle hiring for your firm and routinely receive emails from candidates. How difficult would it be for a social engineer to push a malicious attachment, disguised as a resume, to your inbox?
  • Imagine you are looking for a new job. What if you received an email that appears to come from LinkedIn with a job offer and a link to upload your personal credentials?
  • Imagine seeing a text in a thread on your phone from a friend or family member. She is traveling abroad, says she has been robbed, and asks you to please send money ASAP. How would you respond?

Prevention Tactics

No single solution can prevent ransomware. A survey of IT Professionals noted that 86% of victims had antivirus installed. Most everyone has a spam filter. Yet phishing attempts often bypass these systems. And it only takes one wrong click to encrypt an entire network.

Here are some steps you can take to reduce risk:

  1. Train Your Employees. The vast majority of all security incidents involve human error. The single biggest defense is education. Train your people to be constantly wary of all the emails and messages they receive. One way some firms are educating their people is by sending out their own “fake” phishing scams. Employees who click on the link inside are greeted with a notice that they’ve fallen for a phishing scam and are then offered tips on how not to be fooled in the future. It may seem like a bit of a dirty trick, but data security is a serious issue.
  2. Guard Your Personal Info. Take care with the information you post publicly on social media. Any information that can be found online can be used against you.
  3. Perform a Risk Assessment. Every organization should routinely audit its access controls and review its security plan. By identifying your firm’s gaps, you can develop a strategy to protect your most valuable assets.

In short, taking responsibility for data security involves a lot more than just a software program.