We’re a nation that loves new technology.
Phones, tablets, laptops, and desktops are regularly upgraded, bringing us new ways of doing things. While we downloaded approximately 115 billion apps in 2016, that number is expected to reach 197 billion in 2017. We see technology touch every aspect of our lives - from handheld devices to the appliances in our homes, to the cars we drive.
Alongside ever creator, inventor or developer who is creating something good for the world sits someone who is attempting to find a leak, a hole, or some way to take advantage and find a way in. It’s human nature. It’s the way we live.
That’s what ignites news coverage of some of the biggest names in business being caught in high-profile security breaches. It happens again and again.
Hackers don’t go after small - they think big. Very big.
And while we’re perfecting the way an app runs or the user-friendliness of a device, hackers are putting their focus on perfecting the way a scam goes down.
Take, for instance, a new spear phishing campaign designed to steal Office 365 users’ credentials and attack organizations internally.
Spear phishing is an old familiar technique where hackers send emails that claim to be from trusted sources. They dupe you into clicking and disclosing sensitive information.
The hackers behind the attack craft personalized messages, and include a link or a file that leads to legitimate landing pages. They ask you to click links, enter credentials … and that’s when they have all they need.
But hackers take pride in their work too. So they hire people to help them write better. They eliminate the normal telltale signs such as misspelled words or suspicious attachments. They make even those who know what to look for take a second glance.
And once they’re in, your account is no longer yours.
Your first line of defense is multi-factor authentication, where you use a password and another form of authentication to secure your account. Office 365 already includes this function, but you do need to activate it.
The second line of defense is education. This isn’t a “train once and expect them to remember it” kind of thing. Train yourself and remind employees of ways to spot common phishing techniques, including verification of the sensibility of the requests of the message.
You can also install an email validation system which is designed to detect and prevent email spoofing.
Business as usual today means staying one step ahead of what technology brings to the market. How well are you doing with your approach?