2015: The year of ‘Phishing’?
If you follow major news headlines, it is no secret that our personal data and information are under attack. As recent reporting shows, no major corporation or governmental agency is immune to the omnipresent threat of a data breach. Organizations around the world that deal with personal information face a variety of perils, from insider data misuse to accidental physical loss of laptops and thumb drives. However, one menace in that group is growing and wreaking havoc on companies and agencies: ‘phishing’.
What is Phishing?
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. In a recent example, Sony Pictures executives received fake Apple ID verification emails in mid-September that contained a link to “ioscareteam.net.” Upon visiting this domain, the victim was prompted to enter his or her Apple ID information into a fake verification form. From there, the hackers used those credentials in hopes they would match the victim’s Sony network login… and they did. You know the rest of that story.
TMI! (Too Much Information)
One of the ways phishers target our personal data is by searching through social media for the troves of data we make public. In today’s society we share almost everything through social media: where we live, our birthday, our likes and dislikes. This type of information, shared through Facebook and LinkedIn, is exactly what phishers use as “bait”. Some statistics on social media behaviors that increase the risk of getting hooked:
- 39% of users don’t log out after each session
- 25% share their passwords
- 31% connect with people they don’t know
As a result, 15% of social media users have had their profiles hacked and impersonated.
Combat the Phisher
The first step any organization needs to take in protecting itself against phishing is education. Every employee within an organization is a potential point of access for a phisher into its systems. Many C-level executives have an understanding of the phishing threat, and it is their responsibility to inform all employees of the risk phishing poses. Users should be considered the first line of defense in any security infrastructure. Organizations should implement a robust training program that will heighten users’ sensitivity to phishing attempts and other exploits.
If you are interested in learning more about phishing and educational resources available to you, please contact your Keenan Account Manager.
About Brad Keenan
Brad Keenan is a Management Trainee in the P&C Public Agency division. He enjoys making videos for Keenan and attending conferences.
About Kyle McKibbin
Kyle McKibbin, Account Manager, has been with Keenan since 2013. Over the past two years Kyle has focused on educating clients on Data Breach exposures and ways to mitigate risk for public entities.