Passwords Exposed in Google Searches
We’ve all heard about the importance of protecting your passwords. For almost half a year, a phishing campaign was targeting corporate Microsoft Office 365 accounts. That is not unusual or out of the ordinary. The unusual part is the hackers exposed the stolen credentials online, allowing for them to be found in Google searches. This was recently discovered by cybersecurity companies CheckPoint and Otorio. These two companies also reported that the most prevalent victims reside in the construction, energy, and IT sectors.
Phishing for passwords
As we have discussed previously, phishing emails are one of the most common attacks by cyber criminals. They are relatively easy to perform, inexpensive to run, and can be almost completely automated. Most importantly, phishing is very successful. While the success rate per email might be low, all it takes is one username and password from the victim organization to grant access to the entirety of the small business.
Protect your small business
The first thing a small business can do is to train its employees. Human error is the leading cause for successful phishing attacks. This can happen for many reasons, one being employees receive little or no training in identifying the warning signs of phishing. Another reason being, employees are just in a hurry to do their work. A small business can easily address the former, while the latter is normal work behavior. The goal is to minimize the chances of a successful phishing attack, while still ensuring your employees can do their jobs efficiently and effectively.
Email security
We have previously discussed some of the tools a small business can utilize to better protect themselves. There are solutions that can help minimize the chances of falling victim to phishing, while many professional email services offer more robust security you can purchase. These solutions can scan your emails for malicious links and attachments. Another solution can aid in verifying if the email you received from a coworker is actually from your coworker and that it wasn’t spoofed. There are a variety of solutions with many of them available from your email provider for either free or a small fee.
For more on phishing scams and other cybersecurity trends, tips, and threats checkout Small Business, Big Threat for more.