|The intent was to have the executive click on the embedded link to view the full subpoena, which would download malicious software that secretly records keystrokes and sends data to a remote computer. Criminals would then capture passwords to access personal or corporate information. Researchers who analyzed the downloaded file reported that “less than 40 percent of commercial antivirus programs were able to recognize and intercept the attack.” Almost everyone is vulnerable to a well orchestrated phishing attack and this shows executives are no exception. According to a security researcher at the University of Illinois at Urbana-Champaign, at least 2,000 executives became victims of this phishing scam. What this means is that corporate executives need to be just as aware of scams as their employees.
Another way to gain access to valuable company data is by physical access. Most people are not confrontational and typically want to be helpful. Attackers prey on this basic human behavior. Many times NCX Group has gained access to server rooms by relying on the helpful nature of employees. We have discovered through our physical assessments that access to critical areas are especially easy during times of upheaval or disarray within an organization. If you are in the middle of construction, people typically become desensitized to having unknown people working within their building and tend to let their guard down. Downsizing can also be very distractive to employees as they aim to be more accommodating and helpful, thinking it might affect their job longevity.
Financial institutions are particularly vulnerable because the financial industry remains in flux. Many employees are anxious about their future employment and the stability of their institution, which could lure them into clicking on links in emails to learn more. These emails are ripe for the clicking and employees need to be very cautious when accessing any link. Physical security at financial institutions may lax during these times, too. Again, the willingness to be helpful or accommodating without following the proper security procedures can put your company at risk.
Beware of changes within the business that distract from normal working conditions. Know your business culture and keep your guard up when times are chaotic.
Your only defense is to ensure your employees have a critical understanding and vital role in protecting your information assets. This is accomplished by maintaining good policies and procedures and conducting frequent and regularly scheduled security training awareness classes. Repetition will help employees follow protocol and security measures. More eyes knowing what to watch for and being alert to deceptive tactics can keep your information safe and away from thieves.
NCX Group welcomes the opportunity to provide security awareness training for your organization. For a free consultation on how our experts can help you secure your data at a price that will fit your budget, `call us at 888-448-5451 or request a representative to call you.
NCX Group, Inc. is a leading information risk management firm specializing in the assessment and mitigation of risk associated with today’s technologies and business processes.