It is no surprise that if you have unsecured or poorly secured digital information, it may be stolen, hacked or breached at some point. Cyber criminals are always on the lookout for data that they can use for personal, unlawful gain. In recent years, the number of extortion scams that have come to light, and the sheer volume of data hacks that have occurred, suggest that targeted phishing has gone mainstream. Fraudsters have been continually evolving their methods of deceit, launching scams on a global level and masking their attacks with greater authenticity, creativity and sophistication.
To protect your personal and business information, you must assume that you are already under attack from potential hackers who are present outside as well as inside your organization. Not only should you be aware of the various entry points that make you or your business vulnerable to phishing, you also need to put in place a 24x7 response and remediation plan to deal with eventualities that may leave you compromised.
Here are some aspects that may help you to protect yourself and your organization from becoming a victim of this common cybercrime.
Recognize and Escape Targeted Phishing Attacks
- Know How Targeted Phishing Takes Place: Attackers usually target specific individuals to extract their personal details, or the organization’s information that they may be privy to. This includes passwords, security codes, credit card details and any other sensitive or valuable data. As phishing is an integral component of social engineering, it most commonly occurs through emails that are crafted to resemble correspondence from a source that you trust, for example government institutions, banks, your company’s legal or human resources teams, your professional clubs and so on.
Targeted phishing threats are typically perpetrated by organized crime syndicates or state-affiliated actors, who have abundant resources to devise new methods to con people, businesses or IT systems. With every new scam that is uncovered, newer methods come to light. However, some of the common phishing techniques that you should watch out for are:
- An email that carries an embedded link redirecting you to an unsecure website that asks for confidential information.
- An email or an advertisement pop-up which executes hidden code as soon as you click on it. This malicious code is designed to exploit loopholes and extract sensitive information from your devices, including smartphones, laptops, desktops and tablets.
- An email or website that spoofs a reputable source and requests information such as your user details or passwords.
- Phone calls wherein the caller impersonates a known company vendor, a service provider, an IT department member, or other trusted authorities, in an attempt to obtain confidential information.
Proactive Steps to Protect Your Company from Targeted Phishing
- Educate Your Staff: Conduct training sessions and awareness programs that enable your employees to thwart phishing scams, malware and social engineering tactics. If they are alert to suspicious-looking websites, emails or links, you may be able to stop sensitive information from being handed out to cyber criminals on a platter.
- Beef Up Your IT Security: It is imperative that you protect your company systems, servers, applications and devices through a multi-layered approach.
- Encrypt sensitive information, deploy antivirus solutions and set up inbound spam filters and outbound web filtering.
- Use an SSL certificate to secure all browser traffic to and from your website. Monitor the outbound traffic for any suspicious connections or potential data grabs by remote hosts.
- Segment your networks and implement robust multi-factor authentication between the user networks and anything of importance.
- Keep all your systems up-to-date with the latest security patches and updates.
- Develop a comprehensive information security policy that includes incident reporting and an escalation matrix.
Adopt a Holistic Approach to Enterprise Information Security
Protecting your enterprise information will be a continuous, uphill battle. However, you can create a robust defence mechanism by building up your armoury through a battery of IT security solutions that both protect and remediate.
At GlassHouse Systems, we believe that whether your enterprise IT setup is simple, sophisticated, interactive, or complex, you need to adopt a holistic and proactive security strategy. We have over 25 years of cross-industry experience in designing, implementing and managing IT security solutions in-house, remotely and in the cloud. Our technical experts have led turnkey projects to fully deploy security solutions such as SIEM, IAM, Endpoint Security, as well as Network Security Solutions. Our systematic health check of your IT systems along with a consultative approach will help you build and implement policies and processes aligned with your enterprise security goals.
Contact us to learn more about our cyber security management solutions, or leave a comment below for more information on how to deal with targeted phishing.