Be alert to phishing scams to protect sensitive data


If you have an email address, you've probably been the target of a phishing scam. Online phishes are social attacks delivered through email or a website that attempt to scam potential victims into divulging sensitive information such as logins, passwords or personal information. This information can be used to commit identity theft or to establish a beachhead into a network.

Notable breaches that used phishing as an attack vector are the Operation Aurora attack on Google, the compromise of RSA's SecurID two-factor authentication product, and the attack on Target's point-of-sale infrastructure through a subcontractor's virtual private network account.

How do phishing attacks work?

The ultimate defense is education and being able to spot indicators of a phish. Is the message from someone you know? Are there any grammatical or typographical errors? When you hover over the link, does the URL in the bubble match the link included in the message? Does the message ask for sensitive information?
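The hover check above can also be run automatically over an HTML message body, for example during mail triage. The Python below is an added example, not part of the original article: it flags links whose visible text names one host while the underlying `href` points to another. The function names and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that looks like a URL or bare hostname
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[:/?#]|$)", re.I)

def host_of(url):
    """Lower-cased hostname of a URL, ignoring a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkAudit(HTMLParser):
    """Records (visible_text, href) for each <a> whose text names another host."""
    def __init__(self):
        super().__init__()
        self.href = None        # href of the <a> currently open, if any
        self.text = []          # text fragments seen inside that <a>
        self.mismatches = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        m = URLISH.match(shown)
        # Only compare when the visible text itself claims a destination
        if m and host_of("//" + m.group(1)) != host_of(self.href):
            self.mismatches.append((shown, self.href))
        self.href = None

def find_mismatched_links(html):
    audit = LinkAudit()
    audit.feed(html)
    audit.close()
    return audit.mismatches

# Constructed sample message body (reserved example domains only)
SAMPLE = """<p>Your mailbox is almost full.</p>
<a href="http://mail.example.login-check.invalid/reset">https://mail.example.com/reset</a>
<a href="https://www.example.com/help">example.com/help</a>
<a href="https://intranet.example.com/">Open the intranet</a>"""

if __name__ == "__main__":
    for shown, href in find_mismatched_links(SAMPLE):
        print(f"shown: {shown}  ->  actual: {href}")
```

Links whose visible text is ordinary wording ("Open the intranet") are skipped by this check, so it complements the other indicators rather than replacing them.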

Companies can institute awareness training to get employees more familiar with phishing attacks. To enhance the training and effectiveness, organizations can simulate phishing attacks, creating a teachable moment when someone takes the bait. Rather than getting infected with malware, the employee is directed to training material focused on the particular attack.

Vincent Hoang is an enterprise architect at Hawaiian Telcom, a Certified Information Systems Security Professional (CISSP), GSNA Systems and Network Auditor (GSNA) and Cisco Certified Network Professional (CCNP). Reach him at vincent.hoang@hawaiiantel.com.

Copyright (c) Honolulu Star-Advertiser
