Tip:
Highlight text to annotate it
X
Hey guys, and welcome back to the SecurityQ, your source for business
data security.
Today on the SecurityQ, I want to cover one question. Are your employees properly
trained to
protect your business against phishing attacks?
Not that type of fishing!
Phishing is another tool used by hackers to gain access to your personal data.
Phishing relies on your employees willingness to provide sensitive
information
like passwords, bank, and tax information. Here's how it works.
Companies are targeted via an email
that is designed to look like it comes from a legitimate bank, organization
our government agency. Then the sender asks to confirm personal information,
in essence, phishing for data. For example.
Let's say your business does e-commerce through Pay Pal. Hackers posing as PayPal
will contact you via email
asking you to confirm sensitive information pertaining to your account.
Once information is obtained, hackers use the credentials gained to steal
your sensitive data mostly through attacks like malware and back doors to
your network.
That's hook, line, and sinker. The scary thing is,
you may have the best technology in the world but if your employees aren't properly
trained,
that technology is a complete and utter waste. Currently twenty percent of all
breaches
now involve phishing. Everyone in every industry and
every company is ultimately a target.
Keep in mind, it takes only one untrained employees to give away
all the data you worked so hard to protect. As a business owner,
how can you detect phishing attacks and properly train employees?
First the message or email you're receiving
may appear entirely convincing. You should keep a lookout for three things.
Layout issues, spelling , and grammatical issues,
go hand in hand with phishing attacks. Second
don't just check the name of the person sending email. You need to check
the email address and ensure that there are no alterations made to it.
For example,
additional letters for numbers added to the email address.
Last, most companies will never ask for your personal information through
email.
If there's any doubt, contact the sender.
Remember, even savvy technology users can find themselves fooled
by messages that appear authentic so be cautious,
Our advice? Educate your employees
about phishing attacks. When it comes to staying safe online,
it never hurts have a little bit a cynicism. Well guys,
that's all the time we have for today on the SecurityQ, but as always
we want to hear from you. So post your questions in the comments below,
and don't forget to subscribe. See ya next time on the SecurityQ.