HRx Recap: Cybersecurity and Scams to Watch For


Cyberattacks continue to dominate headlines as they expose national security issues, and they are a growing concern for businesses of all sizes. Sophisticated phishing attacks are often the primary entry point hackers use to get ransomware or malware into your organization’s network. Unfortunately, your company’s workforce is often the “weakest link” in the cybersecurity chain. So, what can you do to protect your company? Read on and watch our HRx webinar to learn from cybersecurity expert Russell Norris, MS, MEP, how you can train your team to identify cyber threats and protect your business from devastation.

What are Phishing, Spear Phishing, and Whaling?

Phishing, spear phishing, and whaling attacks vary in their levels of sophistication and targets. Phishing involves sending malicious emails that claim to come from trusted sources to as many individuals as possible. These emails are often impersonal, sent in bulk, and contain spelling errors. Additionally, they may use trusted logos to try to trick the receiver. To check an email that seems legitimate, hover your cursor over the sender’s email address to reveal the real address, and avoid clicking on any links in these kinds of messages.

On the other hand, spear phishing is more challenging to recognize because the emails appear to come from a source you may know. The emails are personalized to a particular individual or group and contain information that may enhance their legitimacy. Risk prevention measures that help against these attempts include two-factor authentication, well-established password management policies within your company, and routine educational campaigns.

Whaling uses deceptive email messages and targets high-level individuals in your organization, such as CEOs, CFOs, and other executives. Attackers target these individuals because they have access to valuable information such as trade secrets, passwords, and employee information. Moreover, the emails are personalized and seem to have legitimate authority.

Cybersecurity and Ransomware

Ransomware is the number one vector of attack. If you are experiencing ransomware, the screen will usually turn red, and your files will be encrypted and held hostage until you pay a certain fee. Whether or not you should pay the ransom is still up for debate. For example, the city of Atlanta underwent a ransomware attack due to one employee’s weak password. The city chose not to pay and cooperated with the FBI and others. They are currently still spending money to recover the data. The attack affected more than 6 million residents. Conversely, Colonial Pipeline underwent a ransomware attack in 2021. They paid millions and their software was returned to them slowly.

Cybersecurity Key Takeaways

To protect yourself and your company, you should do the following:

  • Use two-factor authentication
  • Create a unique password for every account
  • Change your password frequently
  • Use platforms like LastPass
  • Review the emails you receive carefully and hover over any links to verify their legitimacy
  • Do not click on any links if the email seems questionable
  • Contact your IT department if you have any issues, and know that you can also contact the FBI, US Secret Service, and CISA.
