Did you know that managing security services can protect your organization?
One of the most common information technology attacks on organizations today is the “phishing” attack, in which an email message entices the recipient to click a link that redirects to a malicious web site asking for user name and password credentials, to open a seemingly harmless attachment, or simply to reply with information that they believe they are sending to a trusted contact within the company, such as an IT administrator, a vice president, or a senior manager.
Malicious attackers use phishing in its various forms to capture information and authentication credentials that they can use to gain unauthorized access to the company, and in some cases to install malware on employee workstations, enabling remote access for a hacker located somewhere on the Internet (or in the company parking lot if wireless is available).
Preventing this attack requires combined countermeasures such as:
- anti-spam systems
- anti-virus software and systems
- Internet content filters (so that personnel cannot be redirected to a malicious web site)
- personnel security training
Training company employees and contractors to recognize phishing attacks, and teaching them the difference between legitimate and illegitimate email requests, makes personnel who receive a phishing message more likely to report it to an IT administrator than to click a link or otherwise respond as the email suggests. That prevents another human-factor attack vector from giving hackers a way to access the company.
In the next post, learn about hidden network infrastructure vulnerabilities that can enable cyber criminals to silently control your organization’s information systems.