Recent penetration testing conducted against higher education institutions demonstrated a “100 per cent track record of gaining access to a higher education institution’s high value data within two hours.”
Was this directly due to a lack of cyber security technology exposing these institutes? Possibly not. The method of attack used in this research was electronic social engineering, specifically spear phishing emails.
So are we humans the weakest link in cyber security?
Many spear phishing emails will spoof the recipient’s domain name, more often than not appearing to come from a senior colleague. The emails will request either that a supplier payment be made or an action that requires the opening of an attached document. That sophisticated knowledge of the recipient’s organisation is what makes these emails so successful.
But there are steps we can take to protect our organisations.
There are a host of ways to reduce your risk of falling foul of phishing emails; here are two examples.
If you have an email filtering service, you could block inbound emails that use your own domain as the sender address if they don’t come from your mail server. A good mail filtering service will still allow legitimate emails with your domain that aren’t sent from your mail server, such as those from an email marketing engine or an online CRM system, to get through. This action can reduce the volume of threats received.
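The rule described above, sketched in Python as an added example (it is not Abtec's code or any filtering product's configuration). The domain, the IP ranges and the function names are assumptions, and the sample messages are constructed.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example.ac.uk"  # assumed organisation domain
# Assumed sources allowed to send mail as OWN_DOMAIN (documentation IP ranges).
APPROVED_SENDERS = {
    "own mail server": ipaddress.ip_network("192.0.2.10/32"),
    "email marketing engine": ipaddress.ip_network("198.51.100.0/24"),
    "online CRM": ipaddress.ip_network("203.0.113.64/26"),
}

def from_domain(raw_message):
    """Return the lower-cased domain of the From header, or '' if absent."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def filter_inbound(raw_message, client_ip):
    """Return (verdict, reason) for a message received from client_ip."""
    if from_domain(raw_message) != OWN_DOMAIN:
        return ("deliver", "From domain is not ours; rule does not apply")
    ip = ipaddress.ip_address(client_ip)
    for name, network in APPROVED_SENDERS.items():
        if ip in network:
            return ("deliver", "own domain via approved source: " + name)
    return ("quarantine", "own domain in From, but not an approved source")

# Constructed sample messages.
SPOOFED = ("From: Finance Director <FD@Example.AC.UK>\n"
           "To: accounts@example.ac.uk\n"
           "Subject: Urgent supplier payment\n\nPlease pay the attached invoice.\n")
NEWSLETTER = ("From: Alumni Office <news@example.ac.uk>\n"
              "To: staff@example.ac.uk\nSubject: Spring newsletter\n\nHello.\n")
EXTERNAL = ("From: Supplier <sales@supplier.example>\n"
            "To: accounts@example.ac.uk\nSubject: Quote\n\nHello.\n")

if __name__ == "__main__":
    for label, msg, ip in [("spoofed", SPOOFED, "192.0.2.77"),
                           ("newsletter", NEWSLETTER, "198.51.100.25"),
                           ("external", EXTERNAL, "192.0.2.77")]:
        print(label, filter_inbound(msg, ip))
```

The check only covers an exact match on the From domain; messages that spoof a display name or a lookalike domain pass this rule and rely on the user training described next.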
How many times have your colleagues had training on how to spot phishing emails? Maybe not many. There are several simple steps that every user can take to help identify phishing emails. Arming users with that information, and then checking their actions with organised phishing email testing, can reduce the number of malicious emails acted upon.
Reducing the quantity of phishing emails a user receives and empowering users to spot them are just two ways in which we can help you reduce your risks from these attacks and strengthen your security.
Call Abtec on 01858 438 500 today to find out how we can help you reduce your risks.
It’s only February and two huge data breaches have already been identified. Collection #1 and Collection #2-#5 contain an estimated 3 billion email addresses and passwords.
You can find out if you’ve been affected here: https://sec.hpi.de/ilc/search
This is yet another reason to review your IT infrastructure’s security measures. Network and infrastructure attacks take many forms. These data breaches highlight potential vulnerabilities in remote network access and email security. Unfortunately, many people will still use the same password, or variations on a password, across multiple applications. Forcing colleagues to use strong passwords is the first step in improving security, and implementing a rule to change passwords at regular intervals can help too. However, these measures can open up other security issues, for example people sticking passwords to monitors in plain view of everyone else!
There are better strategies to take in securing your infrastructure. Contact Abtec on 01858 438 500 to book a security review to identify the best for you.
Also, download our Building Better Disaster Recovery Plans guide to find out more ways to prevent unplanned interruptions to your infrastructure.