Phishing for trouble - empower employees to protect your interests

Phishing for trouble – empower employees to protect your interests
March 9, 2020 RES Business IT

It can be very lonely running 1 IT department, managing 1 business – how do you know what key IT and business trends are, and what might be just around the corner?

We have the benefit of working with and observing 100’s of customers – so what we’re doing is pooling what we see work, what we see fail – and communicating this via our Customer Content Program to provide you ongoing fresh perspectives and learnings in many areas. (And – needless to say – if this is not for you, you can unsubscribe at any time.)

1st cab off the rank – IT security

We’ve prepared a brace of 3 articles for you around this critical issue – an issue which is ever changing, and very challenging to keep on top of.

This first article in the series focuses on so called “whale phishing” and will discuss measures you can take to stop the rot at the core ie ensuring your staff don’t fall victim to phishing attacks.

The second article will discuss some real disaster stories about what can go wrong, why the problem occurred, the damage done and how things were fixed in each case.

The third article in this series will outline a methodology you can follow to review, and then improve, your security posture.

Phishing – even Scott Morrison can’t escape!

Even as we were writing this blog, through came news of a Scott Morrison related phishing scam!

Phishing emails imitating PM Scott Morrison crop up

This is a scam targeting individuals – and we’ve all seen them:

  • Messages allegedly from a “bank” asking us to log in to solve a problem
  • Some message from “Twitter” asking us to log in to fill out more important information etc.

This mischief isn’t confined to email – we’re aware of multiple instances of individuals being called by the “ATO” re an overdue payment, to be told police are stationed outside to arrest them if they don’t make a payment on the spot over the phone.

Moving up a notch – whale phishing

Scammers have realised that a juicier prize is to get access to a business’s records and systems.

This raises the stakes with a range of negative outcomes:

  • Successful phishers could potentially drain business bank accounts
  • They could pretend to be the business and deliberately damage reputation, perhaps threatening ransom payments
  • IT system downtime – loss of productivity
  • Destruction or compromise of data – you could be held to ransom
  • Perhaps more seriously – the scammers could expose customer data.

Phishing is insidious in that its avoidance relies on individual company employees recognising the scam – so traditional IT type preventative measures such as virus software, firewalls etc won’t do the job.

User awareness and training program

ALL businesses should have in a place an ongoing user awareness program so that phishing raids don’t get past square one.

Here at Resolution Technology we represent a best practice approach as:

The good news is that there are software systems that can detect levels of risk – and also e-learning programs that are regularly updated to provide ongoing user training.

In summary – let’s repel the invaders at the gate!

Through lack of awareness, our employees may be the weak link in the chain. Let’s run targeted awareness and training programs so they won’t be tricked into divulging business information – or indeed their own.

Our trained experts will provide a free, high-level appraisal on whether your business is PROVABLY doing enough to train and support your employees, so they don’t fall for these scams and endanger your business.

Test and measure your employees’ security awareness. Start now! We’re just a phone call away!