Don’t let a phishing spear take your automotive dealership down. Make sure your employees know that cyber attacks lurk in email and social media, too.
Back when cyber security was in its infancy, IT departments regularly warned employees against the dangers of clicking on links in an email from an unknown sender. While most people can now spot a phishing email with ease, the focus from hackers is shifting to social media. Think about it: where else do you store a mass quantity of personal information with relatively minimal security? Many social media users don’t realize exactly how much information they are sharing with individuals who may mean them harm. Today, cyber security professionals agree that the biggest threat to your organization’s security may be an employee or a vendor who is “harmlessly” browsing social media at work.
Spear Phishing Attacks
With the rise of social media comes a new form of attack, called spear phishing. This attack is a play on the original phishing attacks, which spread a broad net looking for someone to take a nibble, whereas spear phishing is targeted directly at a person of interest to the hacker. The cyber criminal spends time online getting to know the target (their posting habits, where they like to visit, where they work, members of their family) before launching a very targeted attack. These incursions are often directed at someone close to the person of interest, such as a spouse or significant other. The hacker then creates a special offer that may seem too good to be true to encourage the target to click through for more information, and then uses that new relationship to gather personal information such as login names and passwords. These details are then used to break into the auto dealership’s networks to hit the mother lode of personal information found there.
Personally Identifiable Information
The key target for many phishing attacks is personally identifiable information (PII) and bank account numbers. Since auto dealerships have to gather much of this information in order to complete a sale, they are now prime targets for cyber criminals. Once a criminal gains access to the organization’s network, they are able to plow through enormous amounts of data in a very short period of time, making it difficult to stop the incursion before the damage is done.
Limitations of Liability
Unfortunately, if an auto dealership or any other organization is infiltrated, that company is potentially liable for damages from the attack. Perhaps the best way to prevent this from happening is to stop the attack in the first place through adequate training of team members and a solid security infrastructure that includes regular testing. Ensuring that all Microsoft and other hardware and software security patches are in place may also help prevent or lessen the damage from attacks. In addition, dealerships and other organizations may purchase cyber liability insurance to cover the organization’s liability in the event of a widespread cyber attack.
Preventing Cyber Attacks
Aside from mentoring staff members to never click on social media ads while they’re at work or on any machine or device that can connect to the company network, there are several things you can do to limit the possibility of a cyber attack.
- Counsel your teams to never respond to requests for their password or user information, regardless of where the question comes from. This includes phone, email, social media and websites.
- Institute an aggressive schedule for updating passwords within your network, and add stringent standards around employee password creation.
- Keep all firewalls, security patches, updates and network security software up to date. While this may not keep spear phishers completely out of your organization, it may slow them down and will stop some of them.
- Notify staff members of the dangers of having a public profile on social media. While it may be fun to connect with people from around the world, it’s important to educate your staff about how personally identifiable information is gathered on social media.
Once one individual within your network is compromised, the attack will quickly spread between computers and networks. People tend to trust information that comes from family or a close friend, but it’s important to educate staff that this type of attack is very wily and can fool even the wariest individuals.
Catching Problems Early
Many organizations will suffer some type of cyber attack, but what are the steps that can prevent further damage? Early warning signals are critical to ensuring that the majority of your business stays protected even during an attack and that the duration and extent of the attack are limited as much as possible. Technology firms excel at creating specialized detection and notification systems that, along with user education, can be utilized to help counter the damage caused by spear phishing. Unfortunately, these attacks can happen very quickly, and once you click on an enticing ad within social media, you may have already infected your system. It’s important that auto dealerships and other organizations do not bury their heads in the sand and ignore the problem, because it is only growing in size and scope. Without adequate safeguards in place to detect or deter attacks, businesses of all sizes are vulnerable to these unscrupulous individuals.
After the massive cyber attack on Target’s personal customer information in 2013 that was caused by one of the organization’s refrigeration vendors, cyber security professionals are much more cautious about the possibility of a repeat performance by hackers. While the security attacks that get the majority of the national media attention are the widespread attacks that target anyone who will listen and click, the spear phishing attacks are much more insidious and personalized. By utilizing the personal information of the target, hackers are constantly looking for ways to slide under the defenses of the host organization.
Don’t let these insider threats damage your business and reputation. Instead, work with Nexus IT Consultants to fully define a security structure that works for your business. Contact us today by calling (435) 659-2533 or (801) 839-7006 or sending an email to firstname.lastname@example.org, and our cyber security professionals will work with you to ensure your organization is well-protected from spear phishing and other advanced cyber threats.