Just one distraction, just one lapse in judgment by just one employee, can hand the keys to a business network to an attacker.
New York, NY (PRWEB) November 29, 2012
Just like in all the great bank heist movies, a distraction, even a momentary one, can make all the difference between the thieves making off with the loot and ending up in a very bad place for a long time. Cyber criminals thrive on distractions too. To ensure that the professional, experienced help businesses need to survive a successful breach or attack is available should the need arise, Global Digital Forensics will have emergency incident response teams on call around the clock throughout the holiday season to help identify and stop the attack, help meet regulatory compliance requirements, and substantially reduce the negative aftermath which inevitably follows any successful data breach, cyber intrusion or attack.
All year long, inboxes get loaded with fake notifications that appear to come from highly reputable companies like PayPal and eBay, along with bogus invoices and charge alerts, and all kinds of other phishing emails designed to steal credentials and/or other account information, or to deliver a malicious payload either through an attachment or by directing a user to a site the hacker(s) designed to fool them. And all year, these attempts may be easy to spot because deviations from typical behavior stand out. But for a great many, there is nothing typical about shopping behavior during the holidays. Just one distraction, just one lapse in judgment by just one employee, can hand the keys to a business network to an attacker.
Joe Caruso, founder and CEO/CTO of GDF, has been on the front lines helping businesses survive cyber emergencies for years, experiencing the constantly evolving cyber threat landscape from a unique insider perspective granted to very few. Informed by this insight, he offers some tips every business, every employee, and basically every computer user should remember about phishing threats (by far the most common and successful attack method giving hackers the access they want) throughout the holiday season and beyond.
“It all starts with vigilance. Paying attention and being suspicious of every single email is a great start. Things like who is it ‘from’ exactly? Is the address an exact match to the actual organization’s web address? Or is it slightly misspelled, like an extra character or word attached? Without even getting into the realm of spoofed headers, this is an easy check-off to immediately junk that correspondence. Is there an attachment? Don’t open any attachment until you are absolutely sure of the origin. Most reputable organizations will never send an attachment on an initial contact, and undeliverable mail notices typically don’t have an attachment either.”
“Next, check to see where the links in an email actually go. By mousing over the link, the destination URL revealed may be very different than the one showing up in underlined text. Do not follow it under any circumstances if there is any doubt in your mind. It will only lead you down a very dark rabbit hole.”
“To verify legitimacy, contact the supposed sender, or check your account yourself, but never use the phone number or links to the site in the suspect email. Just like we do in our social engineering testing during our comprehensive penetration tests, a website can easily be faked to look like the legitimate site. So type the address in yourself, or call a number you know is valid, like the one on the back of your credit card.”
“Be careful on social networking sites. Just like in military operational security, the bad guys are always trying to piece together bits of information which may seem harmless on their own, but when put together can make it easy for a hacker to craft a spear phishing email much harder to distinguish from the fakes blasted to thousands or millions of people. Take talking about buying a special gift from a specific store for instance. How easy would it be for a hacker to send you a notification about your purchase from store X, which now makes perfect sense to you, to get you to click on a malicious attachment or link?”
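The sender-address and link-destination checks described in the tips above can be automated at a mail gateway or in a triage script. The following is an added example, not code from GDF or from the original release; the `brands` allow-list, the `.example` domains and the sample message are constructed for illustration.

```python
# Added example; the message and the .example domains are constructed.
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

HOST_RE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?(?:[^@/\s]*@)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def host_of(text):
    """Hostname in a URL or bare domain ('' if none), minus a leading www."""
    m = HOST_RE.match(text.strip())
    return re.sub(r"^www\.", "", m.group(1).lower()) if m else ""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start collecting the visible text of this link
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def check_message(raw, brands):
    """brands maps a brand name to its real domain (assumed allow-list)."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for brand, domain in brands.items():
        # Brand name present, but with extra characters or words attached.
        if brand in sender and sender != domain and not sender.endswith("." + domain):
            findings.append(f"sender domain {sender} is not under {domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:  # text names another host
            findings.append(f"link shows {shown} but goes to {actual}")
    return findings

SAMPLE = (
    'From: PayPal Service <service@paypal-alerts.example>\n'
    'Content-Type: text/html\n\n'
    '<a href="http://login.shop.example/verify">https://www.paypal.com/receipt</a>\n'
    '<a href="https://www.paypal.com/help">Help center</a>\n')
```

Calling `check_message(SAMPLE, {"paypal": "paypal.com"})` returns one finding for the lookalike sender domain and one for the link whose visible text and destination differ. Forged header values are out of scope here, as in the tip itself.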
These are just a few tips, but there are also countless other threats in the digital realm taking a hard toll on businesses every day. One employee getting hoodwinked can compromise a business’s network security and even mainframe security, leaving precious digital assets exposed to unfriendly entities to do with what they will.
GDF’s comprehensive penetration testing program helps uncover weak points to substantially reduce the threat of cyber intrusions and attacks. But if a threat does find its mark, GDF’s emergency incident response teams can help businesses get through it with as little damaging aftermath as possible, both from a monetary standpoint and in terms of the beating that integrity, client trust and regulatory compliance can take after a successful attack. To speak with a cyber security specialist, or for help with a cyber emergency, call GDF at 1-800-868-8189. Emergency response teams are standing by nationwide.