Data security breaches are impacting long-standing and start-up corporations, as well as public and private entities. No one is immune from these threats and understanding the prevalence is the first step in best preventing this from impacting your organization.
Phishing is the practice of sending emails purporting to be from a reputable entity/person in order to cause recipients to reveal personal information, such as banking information, passwords, employee information, or student data.
Start-up corporations and school districts are some of the latest victims of hackers’ phishing expeditions for private and confidential data housed on company or school district databases. One of the most recent incidents involved hackers posing as the leader of the organization (superintendent, CEO, or president) to gain access to employee W-2 tax forms, social security numbers, and salary and wage information.
Ways to Identify Phishing Attacks
- Email appears out of the ordinary (sender typically does not email the recipient, no context, or asks the recipient to do something outside of his or her typical job responsibilities);
- Email address is different from name that appears as sender (e.g. email address is email@example.com, but sender is Jane Doe);
- Grammar or spelling is inconsistent or not proper; or
- Email is requiring the recipient to urgently change his or her password, provide important information, or disclose personal data.
What Can You Do
- Regularly train all employees and staff on best practices for preventing phishing attacks;
- Draft and update protocol for handling potential phishing attacks;
- Test your protocol and training sessions by sending sample phishing emails; and
- Keep up to date on the latest attacks impacting your industry.