Trolling for Data and Dollars

How Vulnerable Is Your Organization to Social Engineering and Cyber Extortion?

Declaring 2016 “The Year of Online Extortion,” the IT security company Trend Micro warns that most of us are unprepared to protect ourselves, both professionally and personally. In fact, despite the glaring need for evolving online security, less than 50 percent of organizations will have data protection officers on staff by the end of the year, reports Trend Micro.

I’m here to echo their warning—you’re at risk.

Fortunately, in addition to evolving security software and better and more readily available risk management resources and cyber insurance policies (like those offered by MJ), one of the greatest weapons you have is simple awareness that threats exist, which hopefully will lead to, putting and keeping up your guard.

This should extend to training for your employees.

Consider for a moment how many online interactions your company and employees have each day. With familiarity comes a certain degree of comfort. As a result, even the most unlikely targets become vulnerable. At the same time, the tactics of cyber criminals grow in sophistication and their opportunities to exploit increase with each new technology—think mobile payment methods and our increasing reliance on remote access via phones and tablets.

Our natural response to these threats is to rely on better firewalls, malware and virus protection, all of which are imperative. Yet these tools can’t protect us from the most powerful weapons all cyber thieves have at their disposal: fear and complacency. Carefully worded inquiries lead people to worry “What will happen if I don’t fulfil this request?,” and the human propensity to trust eliminates far too many barriers between your company and the criminal.

The article, Social Engineering: Employees Could Be Your Weakest Link, warns that “in addition to the tried-and-true method of sending legitimate-looking emails to unsuspecting victims, cybercriminals are now using social media and other popular platforms to launch their attacks.” After initial collection of basic information, subsequent contact begins to look and feel more legitimate, increasing the risk that dollars, confidential data and reputations could be lost.

Yes, a gauntlet of roadblocks to employee inboxes is a great start against cyber crime, but protection can’t stop there. Make sure employees understand their role. Instill the need for educated hesitancy before sharing too much information. Equally important, emphasize that it’s okay to question the intentions of unknown or questionable contacts. Working together, we can reduce the power of cyber criminals. Let’s not leave it to software alone.

Our next blog will highlight additional simple, yet effective employee training methods to help increase your company’s cyber security program.