Verizon reports that phishing attacks remain the number one cause of data breaches, particularly in the manufacturing sector. In just the first half of 2019, more than 4.1 billion records were compromised. Alarmingly, attackers hope to gain trade secrets, compromise personal and financial data or even disrupt manufacturing processes.
Manufacturers can, and should, implement high quality firewalls and automatically scan incoming emails for suspicious attachments or links. But technology cannot eliminate the human factor. As cyber criminals increase the sophistication of their attacks, end users must learn how to recognize and counter phishing attacks when they occur.
First, take a minute to understand the most common types of attacks:
Cyber criminals have successfully used many of the same techniques for years. Signs that an email may be part of a phishing attack include a sense of urgency, a generic greeting or subject line, attachments and poor grammar or spelling.
However, as phishing attacks grow in sophistication, it can prove difficult to distinguish a real email from a fake. Remember that a legitimate company will never send you an unsolicited email to request confidential information or money. Nor will they call or text you out of the blue to request that information. The same holds true for government agencies.
Look carefully at the sender’s email address. For instance, a business sender typically does not use public internet accounts like Gmail or Yahoo. But keep in mind that fraudsters can spoof email addresses and make an email look quite authentic. As a result, always verify before clicking a link or providing information. And never open an unsolicited attachment.
As a first step, before clicking a link, always mouse over the link to see a preview of the URL. Alternatively, type the URL directly into a new window, rather than relying on the link. Some signs of a fake URL include a slightly incorrect company name, “http://” instead of “https://” and extra characters or phrases in the link text.
Fraudsters can spoof websites as easily as they spoof email addresses. And you cannot assume that the locked padlock at the left of the URL guarantees the security of the site. Consequently, you should look for additional red flags like pop-ups that ask you for your credentials. Additionally, look for reliable contact information instead of simply email or a chatbot.
Training and security awareness campaigns can make a difference in educating end users. In addition, to make sure the lesson sinks in, consider conducting phishing simulations. These simulations involve sending phishing emails periodically to employees and tracking the result.
Start by training users about phishing and providing a method, such as an email address, for employees to report suspicious activity. Then periodically send phishing emails to a few users at a time. Think like a cyber-criminal. Use a sense of urgency, personalization, requests for sensitive information, attached files and so forth.
Track email open rates and click through rates. Then follow up with a general email to indicate that a colleague has reported a phishing attempt. Use the email as a teaching tool by highlighting the red flags. Additionally, follow up with further training as necessary.
You have heard the bad news. Cyber-crime continues to rise, costing manufacturers millions of dollars. But keep in mind the good news that you can take control of your cyber security. Address the human element with training and simulations. At the same time, engage a security expert to help you develop a comprehensive cyber security strategy.
The security professionals at eMazzanti provide security consultation and a full suite of world class services to keep your data and your business safe. From cloud security to encryption and network monitoring, we have you covered.
Cyber threats never take a day off, never clock out and go home at the…
Building, deploying, and managing applications via Microsoft's global network of data centers is easier with…
Microsoft Copilot is a tool, powered by AI, that aims to boost your productivity within…
Making things happen is the art and science of project management. The process involves managing…
In today's fast digital life, website performance is important, as it holds visitors and ensures…
The FBI reported that cyber attacks against government facilities saw an increase of almost 36…