During the second installment of our new webinar series, The Lunchbox Leaders, we listened as Matt Solomon, the VP of Business Development & IT Complete at ID Agent, discussed digital risk and how to protect your assets from threats like phishing, ransomware, and hacking.
“Phishing is the easiest way hackers are able to get compromised credentials,” Matt stated. “There are quite a lot of threats out there, including ransomware and brute-force attacks, but the majority of these breaches—about 44%—begin with a phishing scam.”
Matt recommended 7 steps to avoid falling victim to a phishing scam:
- Watch for overly generic content and greetings. Cyber criminals will send a large batch of emails. Look for examples like “Dear valued customer.”
- Examine the entire “From” email address. The first part of the email address may be legitimate, but the last part might be off by a letter or have a number inserted into the usual domain.
- Look for urgency or demanding actions. “You’ve won! Click here to redeem your prize,” or “We have your browser history. Pay now or we’re telling your boss.”
- Carefully check all links. Mouse over the link and see if the destination matches where the email implies you will be taken.
- Notice misspellings, incorrect grammar, and odd phrasing. This might be a deliberate attempt to try and bypass spam filters.
- Check for secure websites. Any webpage where you enter personal information should have a URL that begins with https://. The “s” stands for secure.
- Don’t click on attachments right away. Attachments containing viruses might have an intriguing message encouraging you to open them such as “Here is the schedule I promised.”
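
The “From” address, link destination and https checks from the list above can also be run mechanically over a message. The following Python is an added example, not material from the webinar or from PGH Networks; the `TRUSTED` allow-list, the constructed sample message and all function names are assumptions, and it expects a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"payments.example"}  # assumed allow-list of domains you really deal with
SAMPLE = (  # constructed message, not a real phish
    'From: "Payments" <billing@payment5.example>\nContent-Type: text/html\n\n'
    '<a href="http://login.invalid/verify">https://www.payments.example/login</a>\n')

def distance(a, b):  # Levenshtein edit distance, single-row form
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def host(url):  # hostname of a URL, or of a bare "www.site.tld/path" string
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def check(raw):  # warnings for one raw single-part HTML message
    msg, warnings = message_from_string(raw), []
    domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    warnings += [f"From domain {domain} imitates {t}" for t in TRUSTED
                 if 0 < distance(domain, t) <= 2]  # close to, but not, a trusted name
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        if urlparse(href).scheme != "https":
            warnings.append(f"link is not https: {href}")
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())
        if shown and host(shown.group()) != host(href):
            warnings.append(f"text shows {shown.group()}, link goes to {host(href)}")
    return warnings
```

Calling `check(SAMPLE)` returns three warnings: the sender domain is one character away from the trusted one, the link is plain http, and the address shown in the link text is not the host the link opens.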
Phishing threats have grown in popularity with the onset of remote work due to COVID-19. In fact, according to the FBI, after a week of minimal activity, 80% of hacking-related activities changed over to COVID-related attacks.
As the remote workforce presents more of an opportunity for hackers to attack, small business owners should be more vigilant than ever to protect their organizations.
“Remote work puts your organization so much more at risk because you’ve got employees logging in on personal computers with different internet providers — you might not believe that a hacker can jump from a WIFI refrigerator, but they can.”
To protect your organization, Matt recommends adopting a zero trust policy, which operates on the premise of assuming that each of your employees has been compromised on some level. By putting the policies and security access management systems in place and monitoring compromises on the backend, you can ensure that your employees’ credentials and your organization are protected from digital risk.
We enjoyed hosting Matt as he shared his insights about digital risk and discussed how organizations can utilize zero trust methods to protect their networks from breaches. To recap, remember these notes: a layered security approach stands strong; assume that everything has been breached and anyone could have done it; monitor everything on your network (don’t take any chances); and use two-factor authentication on just about everything you can. Don’t forget to attend the next episode in our series, where the CEO of Blackpoint, Jon Murchison, will present “Social Engineering: How a Hacker Breaks Down a Target” – airing on Thursday, August 20th at noon.
As we delve deeper into the area of hacking and the dark web, remember that we perform Dark Web scans and offer Security Awareness Training at PGH Networks. If you are interested in setting this up for your company, please contact us today.
In case you missed episode two (or would like to rewatch it), you can find the full recording online.