16 Oct Cybersecurity CEO: Top 5 Resources To Combat Phishing Scams During NCSAM
National Cyber Security Awareness Month is here and it’s time to protect against the most popular form of cybercrime
Los Angeles, Calif. – Oct. 15, 2019
Cybercrime smells phishy, and that’s because it is.
Of all the cybercrime statistics circulating out there, the one that really blows my mind after all this time is that more than 90 percent of cyberattacks are initiated by a phishing scam. I don’t think that percent has changed since it was published over 7 years ago.
You might think that with the emergence of newer cybercrimes such as cryptojacking, SIM-swapping attacks, and others, that we might finally see a drop-off in phishing attacks. But — no such luck.
Phishing is social gone bad. It’s about malicious people, not malware.
By now, you surely don’t need a technical explanation around phishing scams and spear phishing attacks. What you need is some sound advice to keep cyber misfits from harming you, your employees, and your organization.
So in the spirit of National Cyber Security Awareness Month (NCSAM) — observed every October — I’d like to offer up 5 valuable resources that are effective from the boardroom to the C-suite to every office, cubicle, and remote location in your organization.
5 Resources to Combat Phishing
StaySafeOnline, which is powered by National Cyber Security Alliance (NCSA), explains phishing scams, spear phishing attacks, and how they attack your email and social media. They also offer tips for avoiding being a victim, what to do if you’re a victim, and how to protect yourself.
My favorite piece of advice from them: When in doubt, throw it out. Simple but effective. If an email or social media post looks suspicious, then it probably is. So play it safe, and delete it.
Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security, originally released information on avoiding social engineering and phishing attacks in 2009, and it was most recently revised for 2019. CISA details socially engineered cyberattacks, phishing, vishing, smishing, and how to avoid being a victim of each one.
CISA says pay attention to the URLs of a website because they sometimes look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). The devil is in the details and you really do need to pay attention to this.
The No More Ransom Project is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky Lab and McAfee with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals. Phishing scams often inject ransomware into your digital devices. No More Ransom explains how to prevent a ransomware attack.
My takeaway from them — trust no one, literally. Never open attachments in emails from someone you don’t know. No More Ransom says that cybercriminals often distribute fake email messages that mimic notifications from online stores, banks, the police, a court or a tax collection agency, luring recipients into clicking on a malicious link and releasing the malware into their system.
The American Bankers Association (ABA) is a great resource for anyone that needs to learn about phishing and how to protect themselves in plain English — using analogies such as the bait, and avoiding the hook. This is good material for newbies, the elderly, and anyone that struggles with technical terms. ABA explains how to look for scam tip-offs, how to protect yourself, and how and where to report phishing attacks.
The ABA recommends changing your security settings to enable multi-factor authentication (MFA) a.k.a. 2-step verification — a second step to verify who you are, like a text with a code — for accounts that support it. We hear this advice all the time, but way too many people don’t follow it.
Google’s Phishing Quiz is a great resource for anyone that wants to test their knowledge of phishing scams, which are becoming more sophisticated. Google says that spotting them can be harder than you think. Their quiz proves their point. You might want to ask your CEO to take the phishing quiz. It proved that I need to pay more attention. Yes, yes even a Shark can get phished. See what I did there…
The quiz tests you on 8 examples of potential phishing, some of which are based on real events such as a massive phishing attempt that infiltrated Google Doc users a couple of years ago.
My company, Herjavec Group, also launched a Cybersecurity Awareness Month initiative including a Cyber Certified Quiz so you can put your team to the test. Be sure to take part in our Cyber Hot Seat Webinar and follow our thought leadership pieces this month. You can check out our full kit and subscribe for details here https://www.herjavecgroup.com/becybersmart/.
Cybersecurity Awareness Month is a time for us to come together and share the message about how we fight the good fight against cybercrime. There’s power in unity, and we can learn a lot from each other. I hope that you found at least one valuable piece of advice here that you’ll act on today, and share with others.
To Your Success,
– Robert Herjavec, founder and CEO at Herjavec Group, and a Shark on ABC’s Shark Tank, provides insights to C-Suite Executives in his Official Blog at Cybercrime Magazine. Herjavec Group is a Managed Security Services Provider with offices and SOCs (Security Operations Centers) globally.