Phishing Attacks are a Huge Threat

Keep Your Security up to Date

Phishing Attacks are on the rise and you have to keep your defenses up to date.

Threats

The threats keep coming and more businesses are being affected.  Protect yourself, your company and your customers by improving your security. 

And the threats are real and are on the rise. Whether is it locking up your data for ransom or getting control of one of your emails accounts to try to get your team to pay fake invoices, the crooks are getting smarter. 

Make Improvements

Your job, if you run a company or head up IT, is to make your company as hard to penetrate as possible.

When you look to make the improvements, look to check the box for security training.

Make sure that the security training you select includes Phishing testing.

Phishing attacks are continuing to grow more common. Studies have shown that 25% of all data breaches originate with a phishing attack. People are at great risk from falling for these scams.

Read the report here – The Three Most Harmful Examples of Phishing Attacks (expertinsights.com)

Security Training

The first question that we hear around training is, “who is to be trained?” Everyone who has access to the system needs to be trained.  Along with “Defense Wins Championships” another well-used phrase is, “You are only as good as your weakest link”.  The criminals are searching for that weak link. 

Security Training takes two forms here.  One is short videos and emails that prepare your team for what to look for to heighten awareness.  Vigilance against an attack is a great defense. 

A second spot to see how ready your group is for a phishing attack is to run your own test attack. For those that don’t do this yet – Phishing testing is where your IT team leverages a system to send planned “fake” emails to your employees. 

Then you see who falls for the fake emails.  The fake emails have great offers in them, for example “click here to win a free pizza” if you just provide some personal information.  Scraping the PI (personal information) is the point of both the real and test phishing attacks. 

Pay attention to who fails the fake attack.  These team members are vulnerable to a real attack.  Make sure that they take the awareness training. 

In some cases, when the Phish is well targeted, we have had personnel enter their user name and password.  That make breaking into your system really easy. 

If you need help with a Phishing testing system and awareness training, let us know. Phishing Attacks are on the rise – defend your company with Viener4Gates.

Next Time

Over the next few blog posts we are going to get into the following and more –

Get and use MFA (multi factor authentication) for at least your email.  If you have confidential information, Use MFA as you access your servers as well.

Clean up unused accounts

Keep track of all of the PCs and make sure all are managed, patched, and have current antivirus

Keep your firewall up to date

We can get into backups, tough questions the insurance companies and auditors ask and more in the future installments.

Blog