More often than not, your users are the weakest link in your network's security. Without proper training and education, they can unwittingly give hackers access to your data. The most typical way this happens is through an effective phishing campaign.
Phishing is usually attempted via email, and often tries to trick the recipient into revealing their personal information. This information could include sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Do your users know what to do when they receive a suspicious email?
Many people are unaware that they are being phished, and readily submit their credentials to the hacker. Here are some things that can be done if you receive a suspicious email:
Does the suspicious email have an attachment? Don't open it! Files and links can contain malware that can weaken your computer's security, giving a hacker remote access to your computer.
Does that email from a friend, family member or co-worker seem odd? In even the most generic phishing campaigns, hackers will try to identify their targets via social engineering. If you are not expecting the email, or it seems out of character, it is likely to be a scam.
Make the call! Did you receive an email from your boss asking you to transfer a large amount of money via wire transfer? Or did they ask for personal information, such as network credentials, credit card or social security information? Don't reply to the email… make the call! Get a verbal confirmation from the person that the request is legitimate.
Don't click on that link. Hackers will often send emails with links to websites that may look legitimate, but will take you to a compromised website that they use to steal your data. Instead of clicking on the link in your email, type it out yourself in the address bar to be sure.
What else can I do to prevent hackers from phishing my users?
Train your users! There are many effective training programs that ICS can help you implement. These programs help your users to properly identify scam emails, as well as educate them on other security measures.
MFA is a must! Multi-factor authentication (MFA) is a method of computer access control in which a user is granted access only after successfully presenting at least two separate pieces of evidence to an authentication mechanism. A common example of this is having a password and a one-time token or PIN that is provided via software on your smartphone or via a text message. Without having both pieces of information, a user would not be able to log in successfully. Most email systems support various MFA technologies.
Backups are critical. With the rise of ransomware, hackers who compromise your data can encrypt it and require you to pay a ransom in order to get access to it. A backup allows you to recover affected data.
Implement effective security protocols and review them! Security is not something that you can set and forget. As the threat landscape is constantly evolving, your security policies need to be reviewed regularly to make sure that they are sufficient.
The integrity of your data is important to ICS. We can help to educate your users and implement systems that can help to prevent the loss of your data. Let us know if you need help. We make IT happen!