The internet is abuzz with the news of the phishing attack that resulted in the sharing of personal data belonging to employees of Snapchat and other firms.
The scary thing here is that this scam really didn’t require much technical proficiency … the culprits didn’t have to hack into company servers, didn’t send 10,000 emails in the hope of getting a few suckers to respond, didn’t shut anyone down with denial-of-service attacks. They simply targeted people in HR, sending emails that appeared to be from the CEO, requesting copies of all W-2 forms for company employees. Can we forgive the harried HR staff for not looking too closely at the request, which came at probably the busiest time of year for them? Probably.
And there’s the problem: there are numerous ways to protect your network with firewalls, spam filters and other hardware and software solutions, but no one has figured out how to protect the space between your employees’ ears. Because of that, social-engineering scams like this one are often successful.
The old tech-support joke is the acronym PICNIC, standing for Problem In Chair, Not In Computer. And in this case it applies: all the malware prevention in the world won’t stop someone from replying to a legitimate-looking email.
What to do? Start with education: make sure every employee with access to your data knows about this recent case, and that they view any request for privileged information with a jaundiced eye. Better to keep the boss waiting than to release sensitive data to someone who’s not the boss at all.
And consider TotalSecure from TRG, four layers of protection to head off threats before they reach your network.