What’s the easiest way to get into a locked building? Use the key. What’s the easiest way to get the key? Get it from the person who has it.
Your network is a building, metaphorically speaking. Each device (computer, printer, network attached storage, etc.) is a room in the building and each device is protected by a user name and password, or at least should be. The user name and password are the credentials of the device, and are the “keys” to the room. Usually, in order to make our life simple, once we insert our key (user name/password) into the building (network), we’re granted access to the rooms (devices) our gatekeeper/keymaster (network administrator) has decided we can go into.
Because we’ve become more security conscious over the past few years (we don’t use the password “password” or “123456” anymore…do we?!), the bad guys (hackers) have become more sophisticated. They use various methods to get the keys. Some use social engineering. Others use brute force attacks. And still others prey on the lack of computer knowledge of network users.
The last group uses “phishing” expeditions in order to get the keys. This is a play on words on “fishing expedition”. On a fishing expedition, we go out and see how many fish we can catch. We target our area, throw out the line, which has bait on it, and see what happens.
A phishing expedition is no different. The bad guys send out hundreds of thousands of e-mails that have malicious content, and see how many take the bait. Once the targets take the bait, it’s pretty much over with. Some of the malicious payload may be a virus or Trojan that captures your “keys”. Others may be ransomware that encrypt your hard drive and demand money in order for you to get access to your files again. Regardless of the payload, it’s all bad, which is why we call it “malware”, “mal” being the Latin word for “bad”.
Phishing expeditions are not limited to just gaining access to work networks. They can also be used to gain access to bank accounts, credit card accounts, or any other password protected site.
So how do you protect yourself or your company? At PCMDX we take a multi-level approach. Securing the perimeter is very important. We use a firewall to do so. This prevents the bad guys from simply walking into your network through an unlocked door.
We also protect all of your devices by using anti-malware software, applying patches and updates on a regular basis, and making sure there’s no vulnerabilities on the network, such as devices that have out-of-date firmware, or computers with out-of-date operating systems, such as Windows XP or Windows Server 2013
We also believe in training and education. The more your users know about how to protect themselves, the easier our job is, and the more secure your network becomes.
Keeping your network secure is not a one-time thing. It requires regular maintenance, and regular training. Every time the good guys find a way to block the bad guys from gaining access to the network, the bad guys come up with new ways to break in.
Here is a test that you can take yourself or give to your staff to find out how much you and they know about phishing expeditions. If you score below a 100%, give us a call so that we can begin to secure your business or network.
PCMDX is based in Hoover, Alabama and serves businesses that have 15 computers or less in Alabama, Mississippi, Western Tennessee and the Florida Panhandle. If you’re a merchant that takes credit cards, you’re required to be PCI Compliant and PCMDX can take care of all of your PCI Compliance needs. If you’re a medical practice, you need to be HIPAA compliant, and our engineers are HIPAA specialists.
Call us today for your free consultation at 205-201-0389 or via e-mail at pcmdxal@gmail.com .