Spear Phishing Cybersecurity Attacks: Here’s What Businesses Need to Know
A recent story in CBS news, written by Dan Patterson, senior producer, and Graham Kates, investigative reporter, describes an email that Patterson opened up that he thought was from a close friend, but it turns out was really from a hacker. The attack itself was not real – Patterson and Kates had asked a cybersecurity company that works with CBS to hack them, but the event brought to light a problem that affects one out of every seven emails sent in a professional setting: spear phishing.
Spear phishing is a common practice used by hackers. They send out fraudulent emails that appear to be from a trusted sender to entice targeted individuals into sending confidential information or performing a seemingly-legitimate action. Many hackers spend time researching a victim’s family, friends, interests, or colleagues’ names and provide identifying details such as email addresses, names or photos to make the email seem authentic. The attack is successful if the victim follows the request of the cybercriminal.
At Rose & Kiernan, Inc., we definitely take steps as an organization to step up our own defenses against spear fishing and training of our employees and clients. As a business, there are steps that you can take to protect your organization from spear phishing:
- Regularly train your employees on identifying spear phishing attempts; show them what to look for.
- Encourage employees not to give out too much personal information online, especially on social media. Personal information from someone’s LinkedIn profile can be a valuable source for hackers.
- Establish, update and maintain a response procedure where employees are urged to report an attack and take immediate action.
- Consider setting up duo two-factor authentication for logins and also multi-step approval processes for actions such as funds transfers.
Of course, cybersecurity insurance is important and recommended, as it helps a business recover from a security breach or other cyber event.