Phishing Ghouls and Ghosts: Don’t Get Bitten by Phishing Scams
What is the most prevalent way today’s ghouls and goblins (hackers) get access to your networks and systems? Through phishing. No, not with a fishing pole, hook and worm, but by getting users who already have access to unlock the front door via a link or malware and let them in. The unsuspecting user typically receives an official-looking email from someone in authority asking for prompt action. For example, an email from the CFO says she is on her phone, doesn’t have the company’s bank routing and account numbers, and needs the user to send them so she can pay a critical invoice right now. Think no one would provide the information? You’d be surprised!
The Ponemon Institute found that phishing incidents have nearly doubled in the last year and that large companies are spending an average of approximately $700,000 to respond to and remediate each incident. This is a tremendous drain on company finances, especially when 65% of companies are the targets of dedicated phishing campaigns at least 10 times a year, and some as many as 100 times a year. The good news is that there are cost-effective ways to reduce your company’s chances of becoming a victim of phishing.
Avoid Falling into a Phishing Scam
Below are some tricks to protect your company from the phishing ghouls and ghosts of the internet:
- Provide phishing and basic cybersecurity training to your employees annually. The Ponemon Institute found that security awareness training reduces phishing expenses by more than 50 percent on average. It makes training well worth the investment. (And you can get it free at https://public.cyber.mil/training/cyber-awareness-challenge/).
- Encourage employees to call and talk to someone before providing sensitive information over email or text. As an element of your security culture, put a human in the loop of any major corporate financial process or any other process that handles sensitive information. If in doubt, call the sender of the email and talk to them to verify the request!
- Consider disabling all links in emails as a network policy. This may seem draconian to some users, but making them take the extra step of copying the link into a browser may just save your company thousands of dollars.
- And as always, make sure to:
  - Use multi-factor authentication.
  - Keep up with software updates.
  - Back up your data.
Do all of the above tricks and your treat will be a more secure environment and significantly lower chances of being bitten by a phishing ghost or ghoul. Happy Halloween!
Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn partners with some of the world’s most respected and recognized brands to help them secure their infrastructure and meet cybersecurity compliance requirements. Sera-Brynn has invested in its capabilities and is proud to be one of only seven companies worldwide that hold certifications as both a Federal Risk and Authorization Management Program (FedRAMP) Third Party Assessment Organization (3PAO) and a Payment Card Industry (PCI) Qualified Security Assessor (QSA). We use these and other individual advanced certifications (e.g., CISSP, CEH) to help companies develop cybersecurity programs to meet Federal and Commercial Compliance