By Bray Barnes
As cyber-criminals become more sophisticated, employees are having a harder time recognizing common threats like ransomware or phishing.
That’s why companies need to invest in consistent cybersecurity training and tools with advanced security features already built in.
One of the most common cybersecurity threats, ransomware refers to malicious software (malware) that takes control of your computer and/or captures sensitive data. Typically, ransomware is accompanied by a demand for financial ransom to turn control or information back over to you.
Like ransomware, phishing typically occurs by email.
This is a type of attack in which a cybercriminal sends messages that look official, or from a trusted source. Unfortunately, it’s just a convincing call to action that encourages you to click on a link that will enable malware to infect your computer.
In the past, these things were easier to identify. We all remember seeing and calling out scams like this because of poor wording, misspellings and/or other questionable details.
Today, cyber-criminals are becoming so adept at targeting senior leaders within a company. They will use personalized emails that are very difficult to detect. Messages are well disguised and they look like they come from your colleagues or a company’s senior leadership, even C-suite executives.
This is a technique called “spear-phishing,” where a particular person is targeted, or “whaling,” where C-suite executives are the targets. It’s something that is being used with greater frequency across many sectors.
It’s important to train employees and keep security software current. In addition, be aware that phishing attacks can be launched any time employees click links to phony Web sites.
Also, use hardware with built-in Web browsing security features.
The HP Elite family, for instance, comes with a feature called HP SureClick that reduces the chance of employees clicking on dangerous links. With HP Sure Click, unfamiliar files can be opened in read-only mode and protected with hardware-enforced isolation that quarantines suspect websites.
If the file is compromised, the malware is contained and prevented from infecting the PC. If the file is trusted, users can select “remove protection,” and open the file for editing in other applications.
More training and better technology. These efforts will help companies reduce cybersecurity risks and ensure employees can better recognize potential threats.
ABOUT THE AUTHOR
Bray Barnes is the Director for the Global Center for Public Safety’s Institute for Cybersecurity. He previously was the Director, National Cybersecurity Institute, (NCI) Washington, DC, and is the Founder and Principal of Security Evaluation and Solutions Group, LLC that provided three unique Homeland Security cornerstones of service including Cyber Intelligence Analyst training. He has served as a member of the US Dept. of Homeland Security Cyber focus group, as Director, (Senior Executive Service) U.S. Department of Homeland Security (DHS), Washington, DC, directing the First-Responder Program, and as the Acting Chief Human Capital Officer with oversight to include all training and education for the Department’s 210,000 employees. He is a licensed attorney in New Jersey and Washington, DC, with thirty (30) years of experience in the legal profession representing various police agencies, corporations and financial institutions.