What is information security worth in the 21st century? Imagine a small or medium-scale business with around 2500-4000 employees. What if that small or medium-scale company suffers a data breach? The information a venture carries includes employees' names, addresses, banking forms, and tax forms, which also include Social Insurance Numbers and dependents' names and supporting information. Intruders may sell this information or use it for personal blackmail, which was more or less the storyline of the Scotty's Holdings data breach [1]. The basis of this data breach was email phishing: messages pretending to come from the CEO were sent to employees all over the company. The forms at stake contain the Employer Identification Number (EIN), the employer's name, address, and ZIP code, wages, tips, other compensation, and many more fields. But it is neither the first nor the last company to be hit by an email phishing attack. The main purpose of email phishing scams is stealing banking credentials or any other form of credentials.
The preventive measures employers and employees should take to avoid email phishing attacks on their company are as follows. Basic awareness training should always be provided to employees, showing some samples of phishing emails. However, the story doesn't end there: employers need to install automatic email filters and spam detectors, which decrease the impact rate. An email filter engine reads subjects like "You won't believe what I've found" or "Invoice of Goods and Services" and automatically filters such messages out. If a message is not filtered, employees should always double-check with the relevant department in person. Email server logs should always be subject to review. Every broadcast and forward should be approved by the authorities or limited to a certain number under the provincial privacy act. During training, employees should be educated on how to handle technology, with validation techniques shown for telling trustworthy sources from fraudulent ones. A guidebook on preventing the most common cyber threats should always be handed to each employee.
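A sketch of the filtering step described above, added here as an illustration and not taken from any particular mail product. It goes beyond subject matching by also checking for an executive's display name on an outside address and a Reply-To that points elsewhere; the domain, the executive name, the reason labels and the sample messages are all assumptions constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): the company's mail domain and the
# names of executives an attacker might impersonate.
INTERNAL_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"jane doe"}
# Subject lures quoted in the article, lower-cased for matching.
SUBJECT_LURES = ("you won't believe what i've found",
                 "invoice of goods and services")

# Constructed sample messages.
SAMPLE_SPOOF = ("From: Jane Doe <jane.doe@example.net>\n"
                "Reply-To: payroll@example.org\n"
                "Subject: Employee tax forms needed today\n\nSend them over.\n")
SAMPLE_LURE = ("From: Billing <billing@example.net>\n"
               "Subject: Invoice of Goods and Services\n\nSee attachment.\n")
SAMPLE_OK = ("From: Jane Doe <jane.doe@example.com>\n"
             "Subject: Quarterly update\n\nHello.\n")

def assess(raw_message):
    """Return the reasons to quarantine a message (empty list = deliver)."""
    msg = message_from_string(raw_message)
    reasons = []
    # Normalise case and curly apostrophes before matching the lures.
    subject = str(msg.get("Subject") or "").lower().replace("\u2019", "'")
    if any(lure in subject for lure in SUBJECT_LURES):
        reasons.append("subject-lure")
    display, addr = parseaddr(str(msg.get("From") or ""))
    domain = addr.rpartition("@")[2].lower()
    # An executive's name on an address outside the company is the
    # "pretending to be the CEO" pattern.
    name = " ".join(display.lower().split())
    if domain != INTERNAL_DOMAIN and name in EXECUTIVE_NAMES:
        reasons.append("executive-name-from-external-domain")
    # Replies silently redirected to another domain are a second signal.
    _, reply_addr = parseaddr(str(msg.get("Reply-To") or ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != domain:
        reasons.append("reply-to-domain-mismatch")
    return reasons

if __name__ == "__main__":
    for sample in (SAMPLE_SPOOF, SAMPLE_LURE, SAMPLE_OK):
        print(assess(sample))
```

Messages that come back with an empty list still fall under the in-person double-check described above; a filter lowers the volume, it does not replace verification.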
A subcategory of phishing attack is passing off a copy of a website as the legitimate website. To spread awareness among employees, the employer regularly holds cyber-attack seminars, which should teach how to recognize a legitimate website. Some golden rules: always check for homographs of the website's address, identify the company's partners, check that the certificate matches the organization's details, and lastly, look at the source of the link.
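The homograph rule can be automated for links that arrive by email. The following is an added example, not part of the original article: it compares a link's host against a list of the company's own and partner domains and reports look-alikes. The trusted domains are placeholders and the look-alike character table is a small constructed subset of what a real deployment would use.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the organisation's own and partner domains (placeholder names).
TRUSTED = ("example.com", "partner.example")
# Constructed, hand-picked subset of look-alike characters (Cyrillic letters
# and digits); the full Unicode confusables data is far larger.
CONFUSABLE = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0456": "i", "0": "o", "1": "l"}

def skeleton(host):
    """Replace look-alike characters with the ASCII letters they imitate."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in host).replace("rn", "m")

def scripts(label):
    """Scripts of the letters in a label, read from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def within(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_link(url):
    """Return homograph findings for the host in url (empty list = none)."""
    host = (urlsplit(url).hostname or "").lower()
    try:
        host = host.encode("ascii").decode("idna")  # show xn-- labels as Unicode
    except UnicodeError:
        pass  # host already contains non-ASCII characters
    if any(within(host, good) for good in TRUSTED):
        return []
    findings = []
    if not host.isascii():
        findings.append("non-ascii-characters")
    if any(len(scripts(label)) > 1 for label in host.split(".")):
        findings.append("mixed-scripts-in-label")
    for good in TRUSTED:
        if within(skeleton(host), skeleton(good)):
            findings.append("imitates:" + good)
    return findings

if __name__ == "__main__":
    for link in ("https://example.com/login", "https://ex\u0430mple.com/login",
                 "https://examp1e.com/", "https://exarnple.com/"):
        print(link.encode("unicode_escape").decode(), check_link(link))
```

An empty result means only that no look-alike of a listed domain was found; the certificate and link-source checks in the rules above still apply.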
Every asset should be logged, including network traffic and logged-in sessions on unattended devices. Use third-party or in-house login record-keeping software to keep track of who uses a given computer. The software should always support accessing an unattended device with master credentials. However, the application should also support creating user levels with limited access. For example, a data analyst should not have HR admin rights to view the in-depth data of each employee. Each employee should remember their device credentials or store them in a password keeper such as 1Password, KeePass, LastPass, or one of many others, which reduces forgotten-password requests, an angle intruders use for phishing mails.
Social engineering is a form of gathering information about a victim that may be used for guessing passwords or getting into the system. Phone phishing for company information can be prevented by educating employees to install a call detector app like Truecaller. Such an application will block the most common scammers' phone numbers.
Because of firewalls and other defense techniques, an attacker can't execute an attack from outside the network, so this endpoint, physical access, has to be secured as well. Unauthorized personnel following employees into restricted areas should be limited by enforcing certain rules. Every single asset should be accessible only by RFID card, PIN code, or biometric reader. The internal network should have a clustered design. Video surveillance should always be installed all over the campus. Every visitor should have an access card with limited authority.
“Do you think this is the end of learning about cyber threats?”
The answer is a BIG NO. Employers should always encourage employees to stay updated on information security.
Credit:
Charvik Patel
[1] https://fox59.com/news/every-scottys-brewhouse-employee-affected-by-data-breach-scammer-gets-copy-of-all-w-2-forms/
5 uppar Bhai. Good work
Good job bro
Great Work!! All the Best!!
Keep it up buddy 👍✌
Thanks!
It is a very interesting topic, keep putting nice content like that. Great work, it is very useful for professionals.
All the very best for this work.
Thanks for supporting!
Great job
Great information about Cyber Threat. And also other information as well. Thanks guys for the information through your informative site. Awesome website with great information.
Hope for more and more information. Good luck guys! Keep up the good work
Thanks
Very good and nice content. It will help the people to protect from the cyber threats. Fantastic work team and wonderful work.
Thanks
Thank you
Nice article about cyber security. I would love to read other great articles like this. Keep up the good work.
Thanks Mahek!
Nice work. Such a wonderful article on Cyber threats.
Keep it up guys!
Thanks Kaushal
Very nice..... I really like your blog😍
Thanks
Best Article on Cyber Threats
Great Job.
Nice Article Great Job👍
Thanks Pruthvi