
The Human Factor in Cybersecurity

Humans are the weakest link in creating safe and secure computer environments.


Most organizations concentrate on securing computers, utilizing increasingly sophisticated cybersecurity protection, but resources should be proportionally allocated to prevent human errors, which result in 88% of data breaches.


It is not easy to eliminate human errors. We cannot replace faulty human actions in the way we replace non-functional lightbulbs. But like lightbulbs, we can create maintenance steps that will reduce, if not eliminate, the chances of human errors.

Knowing the steps to keep computer systems and data safe can be the difference between being a successful business and going under.


Today, we will describe the most common mechanism cybercriminals use to gain access.


Email Phishing


This is the most common and successful technique used by hackers to gain access to employee computers and/or to get employees to reveal their credentials. Email filters do a good job identifying spam content. But those filters have difficulty determining whether well-engineered content is malicious when it appears authentically related to the business or, in some cases, is designed to target specific individuals.


If the recipient opens a file attachment, clicks on a link to a malicious website, or responds with login credentials, hackers can access corporate computers.


How to spot Email Phishing

  • Email requests for urgent actions. The message may threaten consequences if action is not taken or warn of a lost opportunity.

  • Bad Grammar and Spelling Mistakes. Many Phishing Emails originate from countries where English is not the first language.

  • Unfamiliar person name, Email address, or Domain Name. Check that the email originates from the organization you are familiar with. If there is a link, hovering the mouse over it will display URL information. Often, the URL can appear very similar to an authentic one. For example, instead of google.com, your email originated from gogle.co.

  • Suspicious Attachments. Attachments from outside the company should always be treated as suspected of containing malware.

  • Email Requesting Computer or Application Credentials, Payment Information, or Sensitive Data. IT or company employees would never request such information via email. Beware of email pages that look like login screens, asking you to log in to the applications.

Below is one example I received recently from “Home Depot”:

You have won a brand new Power Drill
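Three of the checks from the list above (a lookalike sender or link domain, link text that names a different site than the real target, and urgent wording) expressed as code. This is an added example, not part of the original article; the trusted-domain list, the edit-distance threshold of 2, the keyword list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = ("google.com", "homedepot.com")  # assumed allowlist, not from the page
URGENT = re.compile(r"\b(urgent|immediately|act now|suspended)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance (single-character insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None  # the genuine domain or one of its subdomains
    for t in TRUSTED:
        tail = ".".join(domain.split(".")[-t.count(".") - 1:])  # compare like with like
        if edit_distance(tail, t) <= 2:  # heuristic threshold
            return t
    return None

def scan(raw):
    """Apply three items from the checklist to one raw email."""
    msg = message_from_string(raw)
    body, findings = msg.get_payload(), []
    sender = parseaddr(msg["From"])[1].rpartition("@")[2]
    links = [(h.lower(), re.search(r"[\w-]+(?:\.[\w-]+)+", t)) for h, t in LINK.findall(body)]
    for kind, host in [("sender", sender)] + [("link", h) for h, _ in links]:
        if lookalike_of(host):
            findings.append(f"{kind} domain {host} resembles {lookalike_of(host)}")
    for host, shown in links:  # visible text names a different site than the target
        if shown and not ("." + host).endswith("." + shown.group(0).lower()):
            findings.append(f"link text shows {shown.group(0)} but goes to {host}")
    if URGENT.search(f'{msg["Subject"]} {body}'):
        findings.append("urgent-action wording")
    return findings

# Constructed sample message, not a real email.
SAMPLE = ('From: "Google Security" <alerts@gogle.co>\nSubject: Urgent: account suspended\n\n'
          '<a href="http://accounts.gogle.co/login">google.com/security</a>')

print("\n".join(scan(SAMPLE)))
```

A small edit-distance threshold produces false positives on very short domain names, so treat a hit as a reason to look closer rather than as a verdict.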

Hackers have become more sophisticated in their ability to target specific users. They can scan your social media pages, such as Facebook, to find more information about you. Information on social media, such as the names of your kids or pets, can be used in messages targeting you.


Phishing uses other types of media besides email, such as phone, SMS, and social media.


Pause before you click


Stay Alert


Stay Safe!



