Stated best by Dustin Balser, Senior IT Security Engineer for Resultant, during a recent event, “organizations have to be prepared for cyber attacks 100 percent of the time. A hacker only has to be right one time.”
Every organization is vulnerable. To combat cybercrime, there is no one-size-fits-all solution; however, educating individuals within an organization is the first step in helping secure an organization.
Understanding Cyber Crime
Employees must first have a basic overview of what classifies as cybercrime. Cybercrime is any activity that is conducted with the use of technology (i.e. cell phones, laptops, tablets) that has access to the Internet or another computer network. Some common examples of cybercrime include theft of personal data, fraud, disseminating computer viruses, and stalking.
Recognizing Cyber Crime
Organizations must keep their guard up to thwart these cybersecurity attacks. Training employees on what they might experience with the most common attacks will help identify attacks early. Early identification allows your security team to prepare defenses and, hopefully, render the attacker empty-handed. Popular attacks include:
- Phishing: One of the most effective and popular attacks, a phishing attack is a deceptive widespread email from a trusted source, often sent to over a thousand individuals, attempting to acquire sensitive information.
- Spear Phishing: A spear phishing campaign goes one step further than a phishing campaign. In this campaign, hackers learn detailed information about individuals within the organization including employees’ names, email addresses, and some personal information. As an example, hackers, acting as the CEO or President, might construct an email attack requesting employees transfer funds to a client. Not questioning an email from the boss, employees will transfer the money to the hacker. Organizations commonly lose millions of dollars to this type of hack.
- Social Engineering: A non-technical technique, social engineering involves gathering information on a target. Employees often give away too much information making it easy for hackers to form attacks. These attacks take place over the phone or actually in person.
- Device Swipes: Mobile phones can be one of the most damaging devices employees own. Phones are easy to forget or leave behind for someone to swipe. Phones should be password protected to ensure data is protected.
- Check Fraud: Attackers commonly “wash” checks keeping everything on the check the same except for one detail. This includes washing the dollar amount, replacing $4,000 with $40,000, or making the check payable to the attacker. These attackers only need the account number and the banks routing number, which is readily available online. Anytime individuals provide an account number, attackers can create a fake check.
Protecting Your Organization
Attacks happen to organizations of every size—big and small. In today’s day and age, all organizations must be prepared. Employees must understand the importance of regularly questioning suspicious emails and seeking confirmation from stakeholders before actions are taken.
As technology continues to advance and the world is increasingly connected, the threat of cybercrime will only increase. A key step to keep organizations safe is providing employees with ongoing training pertaining to the latest cybersecurity threats.
At Resultant, we help organizations evolve their existing infrastructure to be ready for the cybersecurity threats of today – and tomorrow. Let us know how we can help.
