Jun 14, 2016 Skewer the Spear-Phishers: Four Steps for Keeping Your Data a Bit Safer
The email looked perfectly safe. But it did not really come from a trusted colleague—it was merely crafted to seem as if it did. In fact, it carried malware that enabled hackers to seize a trove of sensitive, proprietary data.
That scenario has played out countless times over the past few years at both private businesses and at government agencies.
According to early reports in The Washington Post and other sources today, that’s how Russian hackers gained access to the Democratic National Committee’s “… entire database of opposition research on GOP presidential candidate Donald Trump …”
This sophisticated method of attack, called spear-phishing, entails hackers gathering personal information—often harvested from social media—about the email’s targeted recipient and purported sender, making the virus-laden email potentially all but indistinguishable from a legitimate communication.
Whether or not it turns out that the hackers did use spear-phishing to infiltrate the DNC database, this is a good moment to be aware of this risk—and to focus on mitigation.
Here are just a few key steps:
- Configure your system so that users access it through a virtual private network (VPN).
- Be sure your IT team has installed anti-virus software on all machines, including employees’ computers and actively manages patches on all machines.
- Customize your company applications to track and limit the number of confidential records that can be retrieved per day, with warnings sent to administrators if the limit is exceeded.
- Train your company’s employees on what to watch for, using example spear-phishing emails.
Site (and mobile app) security is a sophisticated, nuanced topic. If you’d like to learn more about spear-phishing or other attacks, drop us a line to set up a talk with one of our specialists.