4 minute read
CYBERCRIME
Davia Moss
is vice president of operations and client services at Next Horizon, a Sanford-based IT and digital marketing agency that provides holistic technology solutions for businesses looking to improve sales, increase agility and optimize productivity. She can be reached at:
Advertisement
dmoss@nexthorizon.net.
— Davia Moss
Cybercrime
PHISHING: THE EASIEST WAY TO LET A HACKER INTO YOUR BUSINESS
Let’s suppose you’re going through your inbox and you find an email from a reputable company you know. But there’s a catch. It’s asking you for personal information like a password or credit card numbers. Stop! Don’t fall for the common cybercrime called phishing.
This cybercrime uses emails to gain valuable personal information about you or your company. Its namesake comes from fishing, where it’s like baiting a line to catch a fish. Many of these scams can be “baiting” you to get personal information that can be used to break into your online accounts or even your computer’s hard drive.
According to a Verizon Data Breach Investigations Report, phishing scams account for 90% of security breaches in businesses. In particular, manufacturers, telecom and technology companies have been hit hard by this incessant tactic. However, none have been hit harder than the health care industry during the pandemic.
Medical workers have received information seemingly from reputable companies about coronavirus vaccines and “updated” safety information. These scams used signatures that posed as the U.S. Department of Health and Human Services, the Electronic Frontier Foundation or even research teams at reputable universities.
Identifying a Scam
How can you train your employees to identify a phishing scam? Research. Train. Practice. Repeat.
When we think of on-the-job training, we think of corny videos you watch once a year (or less) about workplace etiquette. Instead, phishing awareness training should be
The FBI reported a 300%
increase in reported cybercrimes since the start of the pandemic
ongoing. Every few months, cybercriminals find new ways to break into networks and prey on the uninformed.
You might say, “I have pretty sophisticated network security in place. Why do I need to train my employees?”
While sophisticated filters can weed out many unsavory emails and communications, hackers aren’t breaching your firewall directly. They are being “let in.” The strongest defense to phishing attacks is a trained, observant workforce.
Common Signs
Phishing campaigns are constantly evolving, but knowing some basic tricks to look out for will go a long way toward protecting your organization:
Ɇ The email sounds too good to be true.
Ɇ It creates a sense of urgency.
Ɇ It contains misleading hyperlinks, such as a popular website misspelled or an unknown URL.
Ɇ It contains an attachment it urges you to open — which often leads to ransomware or other viruses.
Ɇ It’s from a sender you may not know, or from someone you do know who didn’t send it.
Ɇ Its subject seems very important, but it’s an email that typically doesn’t go directly to you. For instance, it might be about an account someone else in your organization typically handles.
Ɇ The hyperlinks start with https; instead of https: — using a semicolon instead of a colon.
Be Aware and Prepared
One of the best ways to train your employees to spot phishing scams is by running unannounced tests yourself. Get with your IT partner to set up some pretend phishing emails, send them to your employees and see how many people fall for them. This can not only help your organization identify the weak areas in training, but it can pose as a great teaching tool for employees.
Phishing attacks cost businesses billions of dollars each year. These scams have gone from generic email blasts to more targeted, personal communications designed to give the receiver a sense of comfort. They use official brand logos and images, and the warning signs are getting more difficult to spot.
If you don’t want your business becoming another statistic, it’s time to make phishing a key aspect of your network security strategy.
Experienced M&A and Corporate Counsel Solutions for Entrepreneurs
Nelson Mullins Broad and Cassel offers the strength and resources of attorneys and professional staff with experience in a range of services to meet all the legal needs of a growing company. Then, when you are ready to exit, Nelson Mullins has the experience to guide you through your acquisition.
For general business or acquisition questions, call: Doug Starcher 407-839-4208 Pete Schoemann 407- 839-4225 Matt Armstrong 407-839-4258 In Florida, known as Nelson Mullins Broad and Cassel, Attorneys and Counselors at Law 390 North Orange Avenue | Suite 1400 Orlando, FL 32801 nelsonmullins.com | 407.839.4200
