Phishing: Still a concern

Businesses often don’t realize how vulnerable their confidential data is until it’s exposed by a hack. By now, many are aware of external threats to data security and (hopefully) prepare accordingly, but breaches can still occur—despite taking the necessary security precautions. And with phishing, threats don’t need to sneak in the back door; sometimes they walk right through the front.

The ins and outs
Phishing is the act of posing as a familiar, trustworthy entity in electronic communications and using that familiarity and trust to get recipients to release confidential information, such as passwords and bank account numbers.

While it’s difficult to pinpoint the exact origin of phishing, variations of the tactic existed as far back as 1995, when a program allowed attackers to pose as AOL company representatives and steal AOL users’ credit card numbers. A recent HP study found that nearly 70 percent of IT professionals experience weekly phishing attacks.

All it takes is one employee clicking on a nefarious email link, and your business is at risk. Just ask data security firm RSA, who fell victim to a major security breach in 2011. An employee opened an email thought to contain a spreadsheet of staff salaries, when in fact the email contained malware that gained access to, and exposed, some of the company’s confidential data.

The dos and don’ts
While it’s easy to advise that common sense is the best way to avoid phishing scams, that’s not always the case. Some of these emails are so clearly fraudulent it’s almost comical, but even the most cautious employees can be tricked by the authentic-looking scams. So, what are the things to look for when trying to identify a potential phishing email?

The first thing you should do is change the password for the legitimate site you thought you were visiting. Doing this ensures that the hacker who now has access to your old password won’t be able to access your account. If you’ve shared personal information like a bank account number, contact that institution immediately and let them know. They’ll be able to monitor your account and alert you of any unusual activity. To help prevent this from happening again, many browsers have a “report unsafe website” feature, and Outlook’s “junk” feature can help identify future threats.

Even taking all of these steps is no guarantee that you won’t fall victim to a phishing scam. As threats evolve, so too should your methods of prevention.
If companies as large as Target and Sony can fall victim to data attacks, so might your business. By keeping current on threat trends, and establishing a security protocol for your employees, you’ll already be one step ahead of phishing attacks. 


In god we trust