Tricks vs. Treats

Merry Halloween! As someone who does not have a sweet tooth, my enjoyment of the holiday is centered on the costumes rather than the candy. It never ceases to amaze me how much time and effort people put into these, especially the handcrafted ones of movie characters.

My weekend highlight was meeting a Jack Sparrow who looked like he’d stepped off the set, complete with off-kilter stride – in cyber parlance, a pretty sophisticated phishing effort. I hope your Halloween is filled with sweets rather than tricks!

Problems with Trust

It’s Cybersecurity Awareness Month, and the topic for this year is “See Yourself in Cyber.” A SailPoint survey highlights the importance of continuing education as new generations enter the workforce: In comparison, only 1% of Baby Boomers would open a questionable link or attachment.

According to Gantt-Evans, utilizing corporate email for personal purposes can provide access points for rogue actors into corporate infrastructure.

“If credentials are hacked and a corporate account is taken over, the consequences might be disastrous,” she said. “Once a doorway is opened, threat actors can easily build footholds, steal data, and deliver malware.”

Using a business email for social networking or streaming accounts is also a terrible idea, according to Gantt-Evans.

“If you move employment and have tied your work email to personal accounts, account recovery will be far more difficult, if not impossible, because those email addresses likely no longer exist,” she said.

According to Gantt-Evans, the best way to improve cybersecurity is to practice basic cyber hygiene while also planning for a breach.

To reduce the danger of phishing and other typical attacks, Gantt-Evans suggests employing the following strategies:

  • Limit the use of Remote Desktop Protocol and make sure it is behind a VPN with MFA.
  • Create capabilities for email hygiene, browser isolation, and endpoint detection and response.
  • Regular phishing awareness training and phishing testing should be conducted.
  • For emails from outside the organization, use “external” markers in the subject line.
  • Email clients should include a phishing report button.
  • Patch all software on schedule, and make sure software centers and golden images are up to date.

On behalf of SailPoint, the market research firm Dynata conducted a survey of 500 U.S. workers employed by companies with 2,500 or more employees.
