We’ve talked before about the dangers of phishing and spear phishing attacks. These types of assaults seek to exploit what is typically the most vulnerable part of your digital security system – your employees. If a hacker sees that a company’s network is relatively tough to crack into (though no network is impossible to penetrate), he might decide to go the route of tricking an employee into unwittingly giving up information that can help him get past your data’s digital safeguards.
These schemes are inherently clever and sneaky, and unsuspecting employees can be conned. Even the White House has reportedly fallen victim to a spear phishing attack.
In a phishing attack, a hacker tries to get an employee to inadvertently log into a fake web site or install a virus on the network. The hacker is not after any one particular employee – just whoever will take the bait.
For example, the cyber criminal might send an official-looking email pretending to be from a bank or some other reputable company that your firm does business with to one of your employees. The email usually gives a reason why the employee needs to click a link to log into the account with said company.
Spear phishing is a step up in the level of sophistication, and is even more difficult to combat, because this technique makes the email recipient think the message’s sender is a trusted business colleague, who is asking for specific information that makes sense in the given context, or who is asking the recipient to open what seems to be a legitimate attachment.
Phishing and spear phishing aren’t done exclusively through emails, though. They can also involve the hacker calling employees on the phone and impersonating a co-worker or an IT staff member and asking for log in credentials or other sensitive information.
So where does the cloud come into all this? Well, while cloud-based services offer the convenience of anytime, anywhere access, they also introduce some additional security challenges that you and your employees need to be aware of.
Backupify explains that because an employee can be in a coffee shop or an airplane terminal when working from the cloud, and thus absent from her firm’s IT staff, she might be more easily tricked.
Furthermore, employees working remotely may not know all their coworkers, making it easier for a hacker to impersonate a teammate or the tech guy.
The good news is that there are things you can do to lower the chance of a cloud-based social engineering attack. The key is to make employees aware of the methods hackers use, so they possess a healthy suspicion of unusual emails, phone calls, etc.
Still, social engineering attacks are going to happen. You cannot entirely remove your risk from these or other cyber threats. Because a breach can be costly and require a large amount of resources to deal with, it is worth looking into cyber liability insurance.
This coverage doesn’t have to be expensive, but it is money well spent. The premium cost for a cyber insurance policy can be as little as $1000 for a $1 million policy limit.
Over the past ten years, INSUREtrust has written more than $100 million in premiums and paid more than $30 million in claims. Insurers are looking for business and we can find competitive pricing and terms for almost any risk.