As you probably know, “phishing” is the security term used for email that looks perfectly valid, but which contains links or attachments that can infect your PC. Really good phishing email looks like it came from someone you know, or from a business that you work with and trust. A well-crafted phishing scheme lowers your defenses. You say to yourself, “I’m glad John got back to me on that financial plan.” Or, “I wonder why Wal-Mart is having trouble with my invoice.” A click or two later, you’ve fallen victim to a phishing attack.
Sometimes you know right away when you’ve fallen victim. Your PC goes bonkers or acts oddly and perhaps disturbing messages appear. However, the worst infections can go undetected for a long time. The malware may be snooping for your on-line banking account password, or trying to steal other valuable information. These are probably the worst types of malware infections as you don’t know you are infected.
Small and mid-sized businesses are now under increasing attack from this type of security threat. Organized criminals are looking at these companies as more vulnerable and easier targets. They may have smaller bank accounts, but it may be easier to drain them. So don’t think that being a small company will keep you from being a target.
Here are some thoughts on simple things you can do:
- Be sure all of your PCs and Macs are running the latest anti-virus protection software. Nothing should be connected to your network that does not have the best possible protection.
- Be sure you use strong and unique passwords for financial accounts. We human animals like to minimize the number of complicated things we have to remember. If you use the same password for Facebook and your company bank account, you are in a lot of danger.
- If you are a small company, consider dedicating a small laptop to do your on-line banking. You could load Linux (Ubuntu is my favorite) and a web browser like Firefox, and only use the laptop for that one function.
- Use two-factor authentication for all of your high value transactions. The better banks will help you implement this, and it is one thing that can be helpful.
- Be sure to remind your colleagues on a regular basis to be careful. Being alert is one of the strongest deterrents.
One of the biggest mistakes you can make is to feel you are immune from this type of attack. Those of us who work in IT or in the security area begin to think we are bullet-proof. Not so! I found myself shocked recently after clicking on a Facebook posting that looked like it came from my daughter, and watching Microsoft Security Essentials quarantine a nasty virus. My shields were down and I suffered an attack. But this is the characteristic of a really good phishing attack. You relax into a state of trust right at the wrong time.
Now, where’s that email from my new business partner in Nigeria?