One of the most effective types of attacks is called spear phishing. “Spear phishing is email targeted at a specific individual or department within an organization that appears to be from a trusted source. It’s actually cybercriminals attempting to steal confidential information,” – KnowBe4.
A worrying new type of phishing email is going around using stolen data from high-profile websites. These emails include a password that has been used with the user’s email address in the past in an attempt to scare that person into sending the scammer money (typically Bitcoin). Since the emails include personalized information, they appear credible in ways typical phishing emails do not. Typically, the scammer is claiming that they have recorded “compromising activity” and blackmailing the user for their silence.
How Does This Happen?
- A website is compromised (“hacked” or “breached”) due to poor security.
- That website’s user database (including emails and sometimes passwords) is stolen (“leaked”).
- This stolen information is generally made available on the web.
- Scammers obtain one of these lists of emails and passwords.
- Scammers send messages to your email and include the password from the list.
- You open the email and are worried that you have been infected.
2FA, or multi-factor authentication, is a mechanism of confirming one’s identity using a combination of at least two factors. Its use is very important to limit the scope of most traditional intrusion attempts and account compromises. However, UniVista believes implementing 2FA is NOT an alternative to providing your team with the training to detect these attempts before they affect your business. Multi-factor authentication does not provide a 100% guarantee that your information won’t be hacked. However, properly implemented 2FA will reduce that risk and provide some peace of mind.
- Using 2FA will NOT prevent data leaks from a compromised device that is already authenticated.
- 2FA will NOT prevent sophisticated remote account compromises.
- UniVista considers training important to reinforce the behaviors of stopping, thinking, and acting carefully no matter the specifics of the situation.
- To learn more, check out The Ping: 2FA
Password complexity and changes are often glossed over by the everyday user and yet can be the first step in preventing cyber-attacks. UniVista encourages you to change your password at least every 30 days and follow these generic password creation rules:
- Do not use common information
- Do not use a single, common word
- Do not use repeating characters or single digits.
- Do not re-use the same password for multiple different logins!
- UniVista recommends changing your password as soon as you think you might have been compromised!
- To learn more tips about passwords go to The Ping: Security in Public Places
Building awareness with your employees isn’t just about teaching them what to look for but also about showing them why they are an important part of the solution. Once your employees can relate to the importance of keeping the network secure, they’re more likely to take their training seriously. Training your employees to detect and delete just one phishing email, or to know which links they should not click on, can save everyone a lot of time and money. UniVista advises that a cybersecurity training course that provides multiple training methods is an effective way to really teach and track progress. Training videos, short quizzes and even test phishing emails that can show you who your “clickers” are allow you to see security training actually work!
- Communicate the Importance of Cybersecurity
- Build Awareness and Knowledge
- Measure and Monitor
- Check out more at The Ping: The Human Firewall
UniVista has developed the UniVista CyberSecurity Suite to help small businesses like yours accomplish all of the key elements. If you’d like to know more about The UniVista CyberSecurity Suite call us at 512-832-6209 or email [email protected]
Your UniVista Team
*Celebrating 20+ Years of Customer Satisfaction*