There are multiple types of cyber criminals out there today. Knowing who they are and how they penetrate your business is essential to ensuring you have the coverage you need. Let’s talk about the first 3 types of cyber criminals. #1 The Social Engineer Cyber criminals pretending to be someone else can trick unsuspecting employees to compromise data. In one scenario, a spoof email purporting to be from the CEO of the company directs an employee to send a PDF with employees’ 1099 tax forms for an upcoming meeting with the Internal Revenue Service. The social engineer is able to capture Personally Identifiable Information (PII). “We often see people making mistakes like this,” says Jennifer Coughlin, a partner at Mullen Coughlin LLC, a data breach law firm that works with Travelers Insurance. “Encourage employees to make a phone call and speak to the person, instead of leaving a voicemail – to verify all requests for sensitive, confidential, or protected information and financial information before they reply with the requested information. Employees should also ensure the “Reply To” address is, in fact, the email address of the requesting employee, and send this type of information via an encrypted email message.” Beware time-sensitive requests, as social engineers sometimes use a sense of urgency to compel victims into unsafe behavior.
#2 The Spear Phisher
Social threats factored into just under one-third of confirmed data breaches, with phishing the tactic used in 92 percent of social-related attacks.1 An email can appear to be from a legitimate sender, but actually contain a malicious attachment or link that can give spear phishers access to banking credentials, trade secrets and other information that they are able to access. “Companies can have employee training that both prepares and tests employees to recognize and respond to malicious phishing attempts,” says Tim Francis, Travelers Enterprise Cyber Lead. If a phishing attempt is successful, having the proper security in place provides another line of defense: protecting the rest of your network by segmenting the network and implementing strong authentication between the network and important data.
#3 The Hacker
Nearly two-thirds of confirmed data breaches involved leveraging weak, default or stolen passwords.2 Malware poses a serious threat, as it can capture keystrokes from an infected device even if employees use strong passwords with special characters and a combination of upper- and lower-case letters. Still, strong passwords are the first line of defense against hackers, according to Tim Francis. “Use multi-factor authentication, enforce strong password requirements, patch operating systems, software and apps, and increase redundancy and bandwidth,” Francis says. Later this week, we’ll talk about more about cyber insurance and how you can stay protected. Keeping you protected, Rick All Access Insurance in Littleton, CO, who represents multiple insurance companies as a “Broker” and provides products for auto, home, commercial, workers compensation, and much more! Call us today for a free quote at (303) 932-1700