The need for better online safety training to prevent data breaches is a hot topic right now. Coupled with stronger computer and network policies, companies want to prevent the hacking events that leave businesses susceptible to a data breach. While it’s no secret that employees in both the private sector and government service can unintentionally expose organizations to hackers, what is surprising is a report by Wombat Security that shows that 33% of CEOs fell for phishing attacks that led to network access. Why are they falling for this kind of internet activity?
First, there’s a key difference between the kinds of phishing attempts that C-level executives fall for and those that lower-level employees are vulnerable to. Employees who click on links in emails or download videos are easy bait for hackers. At the CEO level, however, the attacks are a lot more sophisticated. Hackers use tactics like offers of conference registrations, or sending official-looking emails that claim to contain a fax they need. There have even been reports of CEOs falling for emails telling them to change the company’s social media passwords. Sophisticated scammers know how to push the right buttons with executives, making the CEO as likely as anyone else to be duped by what looks like important correspondence.
Part of the problem is the sheer volume of phishing and spear phishing attacks. According to the security experts at Kaspersky Lab, phishing attempts are on the rise, with an 87% spike in just one year. The report reveals that the number of Internet users targeted by phishing jumped from 19.9 million in 2012 to 37.3 million in 2013.
This rise in phishing attacks may be explained by a new open-source phishing tool that hackers now have access to. This tool can be used by security experts to test automated phishing attacks on a wireless network, or it can be used by hackers to launch a seemingly authentic request for a wireless password. The request mimics the user’s router configuration page, prompting the user to enter their password to continue with needed updates. When the user does this, he or she has handed over access behind the firewall and opened the door to devastating data breaches.
Fortunately, there are several things that can be done to help keep networks secure at every level. First, remember that anyone who has access to the CEO’s email address is a source of vulnerability, so make sure that all employees are trained in keeping the network secure. Also, it is important to develop a comprehensive training program on Internet safety within the company and to make sure that everyone within the organization who touches a computer—whether it’s a mail clerk or the president—is required to attend and participate. Make these sessions part of your company’s regular training schedule, because hacking attempts are constantly evolving.
It’s also important to remember that it’s not just company computers that put the data at risk. Bring Your Own Device (BYOD), or connecting to the company’s network with a personal device, is quickly becoming the norm in company culture. Adding personal devices to the company’s network can introduce vulnerabilities and malware, so ensuring that users adhere to strict policies regarding the correct use of BYOD is a must. This is where stringent company policies for technology use, both corporate and personal, are important.