Tech Insights: Hook, Line & Sinker
The information contained in this article is not intended as legal advice and may no longer be accurate due to changes in the law. Consult NHMA's legal services or your municipal attorney.
Hook, Line & Sinker!
Email phishing and spear phishing are quickly becoming more sophisticated and more targeted than ever before. It is critical that you understand these threats to your municipality’s network. Awareness of key threats will enable you to employ practices and behaviors that limit your risks.
What exactly is email phishing and spear phishing?
Email Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
Email Spear Phishing is mostly the same as phishing. The difference is that the attack is targeted towards a specific key person or group. The spear phisher thrives on familiarity. They typically already know your name, email, and more (info about you is easily gathered from social media).
The Sony, Anthem, and Target breaches all began with a phishing scam. Once a malicious link is clicked, cyber criminals use techniques like hiding downloads of malware on your system, placing keyloggers on your PC to capture keystrokes, or using different forms of ransomware that encrypt your data and extort cash from victims in exchange for getting the data back.
BUT, I employ Network Administrators, and they implement top security measures. So I’m covered, right?
The best security technology in the world can’t help you unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. If you are already patching applications, keeping anti-virus software up to date, and monitoring and preventing access to malicious websites, then you are already screening out the majority of malicious attacks, BUT the cyber criminals are always developing new tactics, and some will still get through to your inbox. Therefore, the end user/employee is the last and most important layer of defense against phishing attempts. That is why employee awareness training is so important. This will involve putting practices and policies in place that promote security, and training employees to identify and avoid risks.
Tips to Avoid Malware
Below are tips provided by the Federal Trade Commission. Please read and share them with your staff. These are simple tips for avoiding malware.
Keep your security software updated. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS) to update automatically.
Instead of clicking on a link in an email, type the URL of the site you want directly into your browser. Criminals send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a spoof site designed to steal your personal information.
Don’t open attachments in emails unless you know who sent them and what they are. Opening attachments — even in emails that seem to be from friends or family — can install malware on your computer.
Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.
Minimize “drive-by” downloads. Make sure your browser security setting is high enough to detect unauthorized downloads. For Internet Explorer, for example, use the “medium” setting at a minimum.
Use a pop-up blocker and don’t click on any links within pop-ups. If you do, you may install malware on your computer. Close pop-up windows by clicking on the “X” in the title bar.
Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That’s a tactic scammers use to spread malware.
Talk about safe computing. Tell your employees that some online actions can put the computer at risk: clicking on pop-ups, downloading “free” games or programs, opening chain emails, or posting personal information.
Back up your data regularly. Whether it’s text files or photos that are important to you, back up any data that you’d want to keep in case your computer crashes.
Creating awareness with your employees is a critical element of security. They need to understand the value of protecting customer and colleague information and their role in keeping it safe. They also need to know the basics on how to make good judgments online.
Most importantly, they need to know the policies and practices you expect them to follow in the workplace regarding Internet safety.
Tim Howard is President and CEO of RMON Networks (www.rmonnetworks.com) located in Plaistow and Laconia. For FREE resources like virus removal tools, policy templates, an employee training kit, and more visit www.RMONnetworks.com/informationsecurity.