Kylie Addison Sabra
December 20, 2019
You are a key part of your company’s IT network security team and you didn’t even know it! Hmmm. Maybe you should ask for a raise? We are abundantly aware that our computers are vulnerable to attack, but tend to feel our phones are somehow more secure. In addition, we think of attacks on our employer’s computer systems as being a result of malware without wondering how that malware got there in the first place.
We love the convenience technology offers. We are lost without our smart phones, laptops and tablets. Thanks to our lady friends Siri and Alexa, we are more and more dependent on the IoT (Internet of Things). Nonetheless, all of this convenience means we must be even more vigilant about network security, particularly in our workplaces, and especially if you work in a BYOD (bring your own device) environment. While we strongly discourage the practice, anywhere from 60 to 70 percent of employees use their own tablets, laptops or smart phones to access company data.
Social media engineering. The land before lions and tigers and bears.
Cybercriminals love social media.
Twitter. Home of short thoughts–and short links. While they are convenient, shortened links give absolutely no clue to where they are pointing. A whole lot of “no good” can come in that tiny package. Additionally, sites that attract thousands of visitors are going to attract a criminal element as well.
We love our friends lists and cultivate them with great care. At least we try. However, beware of urgent pleas for cash from your “friends”. Pick up the phone and call them to confirm they are indeed in need. You may be letting them know their account has been hacked as well.
Welcome to Malware Island.
Another typical scam is the “Oh my! Someone has posted shocking pictures of you.” approach. Driven by a sudden stab of fear, even if you haven’t been a party to questionable picture taking, you click on the link to check it out. Welcome to Malware Island. And now the attacker can do any number of things: record your keystrokes, hack your social media account, even take over your computer or hold your files for ransom.
Sometimes cybersecurity feels a bit like engaging in jungle warfare–shadows lurking behind every tree–and you are armed with a water gun.
Phishing, Smishing & Vishing. Oh my!
Attackers use social media to learn enough about us to win our trust. Then they use that knowledge to craft a highly convincing phishing email with just one single purpose. If you get really quiet, you can almost hear the frenetic whisperings reach through your computer. “Click that link. Come on. Click it!”
Or the attacker may send you a text with a link. This is called smishing, for SMS phishing. Maybe he or she likes the personal touch and will give you a call. This is a vishing attack, short for voice phishing.
Just when you thought it was safe.
That little padlock to the left of the https URL just gives us the warm fuzzies, doesn’t it? We feel safe, protected. As a result, we let down our guard. Well, things have changed. Since 2017, cyber attackers have been taking advantage of that sense of security, with nearly one-third of phishing attacks hosted on https sites–complete with SSL certificates.[1] Apparently that worked well for our phisher friends because by the end of Q3 2019, that number rose to 68%.[2]
In conclusion, it’s all about you.
So how does that malware get past all the anti-virus software and firewalls your IT team puts in place? You!
Don’t panic. More than 90% of the time malicious software finds its way onto our valuable networks because someone clicked on a link. So, you are hardly alone. Not much sugar coating the issue. We are our own worst enemy.
The reality is, the bad guys are out there and looking for every chink in our armor to get in. The answer? Continuing to add layers of security. But, you are the most important layer of all.
A couple of thoughts to leave with.
you don’t click any links.
and you don’t take that quiz to see if you were Cleopatra or Attila the Hun in a past life.
Welcome to the IT team. Now about that raise . . .
1. (2017). Phishing Activity Trends Report Fourth Quarter 2017, Page 6. Retrieved November 14, 2019
2. (2019). Phishing Activity Trends Report Third Quarter 2019, Page 10. Retrieved November 14, 2019