It used to be that one of the main concerns for a network’s security was making sure to have up-to-date antivirus and anti-malware software running. Now, a rapidly growing threat to a network’s security, and business security in general, is that of email phishing.
Phishing is when someone sends an email that appears to come from a legitimate business or a known individual, with the aim of tricking the recipient into taking an action. That action could be to download malware, or to log into a fake website that steals login and password information. By relying on the recipient’s trusting nature, and on weaknesses in the browser being used, the sender can also install a Trojan horse on the computer in order to harvest sensitive data.
It has grown so prevalent that there are now names for the various forms of phishing. Two of these are spear phishing and whale phishing. Spear phishing is the targeting of a specific person, or group of people, by including information that is relevant to the recipient’s business, travels, or behavior that makes the email seem that much more authentic. Whale phishing is the act of going after the “big ones”. These attacks target a company’s management, figuring that the more senior the target, the more valuable the information stolen should be.
In an effort to thwart phishing attacks, there are companies that aim to educate and train users to not fall for the phishing bait. Their approach is to run phishing campaigns against a company’s own employees, and then use the results of the phishing test to educate those employees on the dangers of phishing and on what to do to avoid becoming the victim of a phishing attack. The management of the company testing its employees can select the type and the contents of the phishing email to be sent to its users. It can be business related, appear to be an offer from a retail merchant, or come from virtually anywhere that may trip up the employees. Once the phishing email has been sent, the company can track who opened the email and who actually clicked on a link contained in the email, and then review the complete companywide results.
MIBAR decided to test its staff recently by sending a targeted phishing email to all employees. The results were both surprising and expected, in that a larger number of employees than anticipated, based on known industry percentages, “failed” the test by either opening the email or clicking on one of the embedded links. By reviewing the results of the test with the company, MIBAR’s employees are now more aware of the threat posed by phishing attacks, and are also in a better position to warn and protect their customers.
The true evidence that phishing has become a major problem is that Microsoft itself just recently became involved in the business of phishing protection. In one of the recent updates to Office 365, Microsoft announced the inclusion of a new feature called Attack Simulator. The Attack Simulator allows a company’s email administrator to generate the same type of phishing attack as described above, to see how their employees react. With Microsoft’s involvement, and the presence of those companies already involved in fighting the phishing epidemic, users should in the future be better educated against phishing attacks and in a better position to avoid being successfully phished.