A hospice company employee email account in Tennessee was accessed by cybercriminals for a period of two days – potentially compromising the private medical data of the patients in their care. Are you making the same cybersecurity errors they were?
Did you know? The average phishing attack costs businesses $1.6 million.
Can you afford that price tag? Not likely – but more importantly, do you believe that number?
The problem with the rising tide of cybercrime incidents (e.g. the rate of phishing attacks increased by 65% in recent years) is that you get desensitized to the whole thing.
You’ve probably heard so much about phishing, ransomware and data breaches that it’s just become background noise.
Would you like a wakeup call?
If stats aren’t selling you on the reality of phishing and cybercrime, the consider this real-life example from just a couple months ago.
Alive Hospice in Nashville has reported that an employee’s email account was accessed by an unauthorized party in May 2019. When the suspicious activity was noted, they launched an investigation, discovering that the hackers had access to the account for two days.
While no evidence suggests that patient info was accessed or stolen, that can be difficult to determine. And, when it comes to the principle of the matter, it doesn’t matter whether sensitive info was stolen or not – their defenses were breached, simple as that.
Cybercrime attacks continue to happen on a regular basis; new variations on the same old trick that pop up over and over again point to a bigger problem than the actual scams – businesses aren’t learning to protect themselves. That’s why the number of reported phishing attacks has gone up by 65% in the past few years.
But maybe we’re getting ahead of ourselves – let’s make sure everyone knows what we’re talking about…
Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers.
The reality is that cybercriminals can keep doing the same old thing because users keep falling for the exact same tactics without ever seeming to learn the cybersecurity measures needed to protect against them.
That’s why the– businesses keep making it easy for cybercriminals to get away with.
Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Virtually anyone on the internet has seen a phishing attack.
Phishing attacks are mass emails that request confidential information or credentials under pretenses, link to malicious websites or include malware as an attachment.
With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors in order to persuade employees to give them money, data or crucial information.
Share these key tips with your employees to ensure they know how to spot a phishing attempt:
In the end, the key to phishing methodology is that it doesn’t rely on digital security vulnerabilities or cutting-edge hacking technology; phishing targets the user, who, without the right training, will always be a security risk, regardless of the IT measures set in place.
Making security education a routine for your entire team – management included – is the most effective way to stop a phishing attempt. Waiting for another major cyberattack to start making the rounds is not the time to start investing in your staff’s cybersecurity awareness.
Waiting for another major cyberattack to start making the rounds is not the time to start looking at providing cybersecurity training for your staff- at that point, it’ll be too late. Making cybersecurity education a routine for your entire team – management included – is the most effective way to ensure your team can spot and stop a phishing attempt.
Allow Kraft Technology Group to help. We’ve can provide IT security services — including comprehensive cybersecurity training — to organizations like yours. By having our expert team of IT security professionals equip you with robust cybersecurity solutions, train your staff to spot and eliminate threats, as well as keep everything up to date, you can ensure all your cybersecurity bases are covered.
Like this article? Check out the following blogs to learn more: