December 29, 2015 by The GLS Team
What is phishing?
That’s a simple enough question, but it has a very impactful answer for business leaders. And, it’s an issue that businesses should be paying attention to, because phishing is here to stay. Phishing occurs when a malicious actor impersonates a reputable entity in order to learn important information like login credentials, account information, or industry-specific data from an unsuspecting victim. Phishing can occur through many channels, including email, instant messaging, text messages, and even through phone conversations.
The Anti-Phishing Working Group (APWG), a coalition of more than 2,000 companies around the globe that advises governments, trade organizations, and other groups, reported phishing attacks were just under 124,000 attacks in the second half of 2014, being the most reported since the second half of 2009.
As a consumer, you could lose credit card information or other sensitive identifying information through a phishing scam. As a business owner, your company’s safety, competitiveness, and privacy are at risk when one of your employees is successfully “phished.” Here’s a look at why the threat of phishing isn’t going anywhere, and some tips on how to keep your business safe.
Proliferation of Phishing in the Information Age
Phishing has become a popular form of cyber-attack because of our society’s reliance on digitized information. The more information there is on digital servers, the more valuable passwords and other identifying pieces of information that can lead to data access become. Currently, malicious phishers sell passwords on the black market, and as long as these markets for phished material exist, phishers will have an economic incentive to keep stealing data.
This produces somewhat of a “catch 22” for business owners. In order to remain competitive, business leaders can’t turn away from the convenience and efficiencies that digital data systems produce. But, the more important information companies store on servers, and the more they rely on digitized information, the more devastating an attack by a malicious phisher can be.
Again, phishing isn’t going anywhere. In fact, the methods used by malicious actors to “phish” for data are becoming more advanced, and the continued importance of digital data storage means there is a constant and growing incentive for phishers to develop new and aggressive attacks. So, if the threat of phishing isn’t likely to disappear any time soon, what can you do as a business leader?
“Lock Maker” vs. “Thief” Syndrome
Currently, many businesses address the threat of phishing by shoring up technological weaknesses in their companies, and treating their defense against phishing like a lock maker constructing a more elaborate and difficult-to-break lock. While this is a good defense, you should not stop there.
Malicious phishers are constantly thinking of new ways to break through technological solutions. This is because phishing relies so heavily on human error, and there’s no good tech solution to completely stop people from making mistakes. What’s the use of a good lock if someone in your home has a tendency to let thieves in?
Simulated Exploit Testing
If phishing isn’t going anywhere, and building better “locks” isn’t the complete answer for most business leaders, what can be done to protect companies from successful phishing attacks? Simulated Exploit Testing and subsequent follow-up training is a great approach to take.
With Global Learning System’s (GLS) online Simulated Exploit testing, you will have the option to incorporate our Anti-Phishing Training Essentials course, Best Practice Module, and Security Short Videos as follow-up training options.
With our exploit testing, we work with organizations to target different departments and simulate phishing attacks to track employee responses and discover educational gap areas. From there, we deliver the responsive training options to employees that have demonstrated weaknesses around phishing security, delivering applicable information where it is most needed before a real attack damages your company.
Factors That Aid Phishing
Experienced phishers are experts at exploiting human error and capitalizing on different factors that aid in their malicious attacks. Our society’s reliance on technology, and specifically our social media culture, can do a lot to aid phishers. The information posted on social sites gives attackers background information to use in targeted and sophisticated phishing messages, making the claim seem familiar and legitimate. Social sites that list birthdates, names of children, and anniversary dates provide attackers with answers to your security questions. Furthermore, economic and social factors, like the size of the market for stolen data, make phishing more attractive and aid in the development of phishing scams.
While the threat of phishing isn’t going anywhere, it doesn’t mean there isn’t a lot you can do to protect your company. The best way to make sure your data is safe is to approach the real vulnerability that makes phishing possible: human error. Simulated exploit testing, reinforced with follow-up training is a great way to drive awareness and prevent a breach.
December 22, 2015 by Carsen
In an increasingly connected world, security is a major issue. Our phones and computers have become integral parts of our lives. We store a lot of personal, sensitive information on our devices, making us targets for hackers and others with malicious intent.
That’s why the need for security is now greater than ever. We spend a lot of time on our mobiles, tablets, and other such devices without considering the potential threats around us.
Keeping that in mind, here are 5 Tips for Strengthening Security on a Daily Basis:
1. Secure Your Mobile Devices Physically
Most people overlook physical security when it comes to protecting their data. Plenty of people leave their devices unattended in public places, such as restaurants and airports. That is the worst thing to do when it comes to security. Not only may the device—with all your personal information on it—be stolen, thieves can also pick it up and go through all your data while you’re gone.
This is where passwords and two-factor authentication come into play for mobile security. It’s always a good idea to have at least a password or PIN protection for your mobile devices. You should also have a malware or antivirus scanner for protection against digital threats.
2. Maintaining Security Online
When connecting through Wi-Fi, take a few precautions. Always make sure that your wireless network is protected with a password. WPA and WPA2 network encryption are highly recommended—especially the latter, since it’s extremely difficult to crack.
If you are on a public Wi-Fi network, consider using a VPN (Virtual Private Network). It encrypts the traffic to and from your device. If you have the option to pay for Wi-Fi that includes a personal password, choose that one.
3. Data Storage and Encryption
However simple or complex your data may be, always make sure it’s stored in a secure location. Log who accesses the data and when it is accessed.
If it’s stored in the cloud, make certain the account and the service provider are secure. When you are sharing the data, always confirm the recipient’s account(s) is secure, too.
It sounds heavy-handed, but it is 100% true: encryption is your best friend.
4. Stay Away from Viruses and Malware
This cannot be repeated enough: always keep your virus protection up to date. Lots of new viruses come out every day, and it is up to you to protect yourself by staying updated at all times.
Also, stay away from suspicious links. Many spammers send out links to phishing sites that capture logins and passwords for banks or request financial information.
There are also countless websites that lead to malware or virus downloads. Be cautious when clicking anything on the Internet.
For work computers, follow company policies to ensure updated software. Many times your security and IT teams perform updates, so you may not need to on your own. Please ask before downloading anything on your end.
5. The Human Firewall®
While software firewalls do their work just fine, the human firewall® is even stronger. However, that is also a major weakness in the system.
Many security threats don’t really come from the outside—they originate from user negligence. It is necessary to be educated on security protocols and techniques to stay away from all insider threats.
As you can see, strengthening security means being aware of and implementing security best practices.
To find out how to keep your information safe - contact us.
December 04, 2015 by The GLS Team
During the holiday season of giving, it is also important to be aware of potential threats that could compromise your gifts, information, and finances. Stay on guard, and give and receive securely throughout the holidays. Here are five common scams to beware of this year.
Disappearing Pop-Up Stores
A disturbing trend around every big celebration is the arrival of a wave of pop-up online stores. These fly-by-night scam companies offer great deals that are often too good to refuse, or more accurately, "too good to be true." As soon as they have your money, you never hear from them again. Often, the site you ordered from disappears completely. As a counter measure, shop only on the official sites of well established companies that you know and trust.
Black Friday Exclusions
Black Friday exclusions can be a vicious adversary, and similar scams go beyond Black Friday into the entire season. Attackers pose as organizations, providing you with a “receipt” or a “request for verification of address,” etc. In reality, they are trying to capture your information or have you download malware. If you receive notification that you need to verify an offer, do not click on any links. Rather, contact the organization through your traditional form of communication, by finding the contact information on the trusted website, and confirm the message was intended for you.
Secret Admirer Scams
A phishing effort that has been circulating since the popularization of smart phones is the "secret admirer" scam that preys on the basic human traits of romantic curiosity and loneliness. In this scam, the recipient will receive a text message stating that a secret admirer sent him or her a gift. In order to open the gift or to see who sent it, the individual has to “verify” his or her identity. Typically, these phishers are out to get hold of your login details for your bank, mobile phone network and any other service you may access off your smart device.
Continuing the tone of heartless attacks on basic humanity, there are usually a good number of false requests for charity. These scams rely on the good nature of the public and betray our sensibilities into funding a thief, instead of the actual charitable cause. It is best to donate by visiting trusted organizations’ websites like the Red Cross or an established non-profit you are familiar with.
Fake Coupons or Discounts
The biggest scam now is, of course, the fake gift voucher or product offers being circulated on social media sites. This has recently been big news in the USA, with counterfeit Target coupons offering 50% off. Clearly, such a deal would tempt many people. These scams are all centered on getting hold of your personal data. The best way to avoid becoming a victim is to always do a separate search online to try to confirm the offer you have seen. Visit the official website of the organization and contact the trusted number.
Stay protected this holiday season - contact us to learn more about security awareness for your organization.