Verizon reports that phishing attacks remain the number one cause of data breaches, particularly in the manufacturing sector. In just the first half of 2019, more than 4.1 billion records were compromised. Alarmingly, attackers hope to gain trade secrets, compromise personal and financial data or even disrupt manufacturing processes.
Manufacturers can, and should, implement high-quality firewalls and automatically scan incoming emails for suspicious attachments or links. But technology cannot eliminate the human factor. As cyber criminals increase the sophistication of their attacks, end users must learn how to recognize and counter phishing attacks when they occur.
First, take a minute to understand the most common types of attacks:
Cyber criminals have successfully used many of the same techniques for years. Signs that an email may be part of a phishing attack include a sense of urgency, a generic greeting or subject line, attachments and poor grammar or spelling.
However, as phishing attacks grow in sophistication, it can prove difficult to distinguish a real email from a fake. Remember that a legitimate company will never send you an unsolicited email to request confidential information or money. Nor will they call or text you out of the blue to request that information. The same holds true for government agencies.
Look carefully at the sender’s email address. For instance, a business sender typically does not use public internet accounts like Gmail or Yahoo. But keep in mind that fraudsters can spoof email addresses and make an email look quite authentic. As a result, always verify before clicking a link or providing information. And never open an unsolicited attachment.
As a first step, before clicking a link, always mouse over the link to see a preview of the URL. Alternatively, type the URL directly into a new window, rather than relying on the link. Some signs of a fake URL include a slightly incorrect company name, “http://” instead of “https://” and extra characters or phrases in the link text.
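The URL checks described above can also be automated at a mail gateway or in a reporting tool. The following is an added example, not part of the original article: it inspects a link's real destination for a near-miss company name, a non-HTTPS scheme, extra words wrapped around a trusted name, and visible link text that differs from the actual target. The trusted-domain list, function names and flag labels are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the organization really deals with (constructed sample values).
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch a slightly incorrect company name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Naive 'last two labels' rule; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def url_red_flags(href, link_text=""):
    """Return the red flags found in a link's real destination (href)."""
    flags = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    domain = registered_domain(host)
    if parts.scheme != "https":
        flags.append("not-https")
    if domain not in TRUSTED_DOMAINS:
        # One or two characters away from a trusted domain, e.g. "1" for "l".
        if any(0 < edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
            flags.append("lookalike-domain")
        # Extra words around a trusted name: the brand appears, but someone else owns the domain.
        if any(t.split(".")[0] in host for t in TRUSTED_DOMAINS):
            flags.append("trusted-name-in-other-domain")
    text = link_text.strip()
    if "." in text and " " not in text:  # the visible text itself looks like a URL
        shown = urlsplit(text if "://" in text else "//" + text).hostname or ""
        if registered_domain(shown) != domain:
            flags.append("text-href-mismatch")
    return flags
```

An empty result only means none of these specific signs were found; it does not establish that the site is legitimate.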
Fraudsters can spoof websites as easily as they spoof email addresses. And you cannot assume that the locked padlock at the left of the URL guarantees the security of the site. Consequently, you should look for additional red flags like pop-ups that ask you for your credentials. Additionally, look for reliable contact information rather than only an email address or a chatbot.
Training and security awareness campaigns can make a difference in educating end users. In addition, to make sure the lesson sinks in, consider conducting phishing simulations. These simulations involve sending phishing emails periodically to employees and tracking the result.
Start by training users about phishing and providing a method, such as an email address, for employees to report suspicious activity. Then periodically send phishing emails to a few users at a time. Think like a cyber-criminal. Use a sense of urgency, personalization, requests for sensitive information, attached files and so forth.
Track email open rates and click-through rates. Then follow up with a general email to indicate that a colleague has reported a phishing attempt. Use the email as a teaching tool by highlighting the red flags. Additionally, follow up with further training as necessary.
You have heard the bad news. Cyber-crime continues to rise, costing manufacturers millions of dollars. But keep in mind the good news that you can take control of your cyber security. Address the human element with training and simulations. At the same time, engage a security expert to help you develop a comprehensive cyber security strategy.
The security professionals at eMazzanti provide security consultation and a full suite of world-class services to keep your data and your business safe. From cloud security to encryption and network monitoring, we have you covered.