All organizations rely on email and access to the internet for employees and staff to be productive. From banking to health care, city government and K12 schools, the problems of phishing, ransomware, sexual harassment, bullying and gun violence are issues everyone needs to be aware of and have a plan in place to address. Protection of Personally Identifiable Information (PII) is essential to any organization with employees or students that collects data which, in the hands of cyber criminals and predators, can be used for identity theft or business disruption. Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. Ransomware programs are launched when a user, unaware of the origin of an email, clicks on a link embedded in that email or on a file attached to it. Predators take advantage of Bitcoin to force companies to pay significant sums of money to regain access to their files.
Different market sectors have different primary threats that can be addressed through proper training and monitoring of computer use. In K12 schools the issues are complex. Phishing and ransomware are certainly issues for school districts. However, as recent tragedies in schools have pointed out, student safety must be the highest priority. Students and employees of school districts are prime targets for sexual predators and people with the intent of doing the maximum harm to students. How can modern businesses and educational institutions protect themselves in the face of these threats?
Each organization type mentioned above is exposed to user-generated threats. Blocking and filtering technology that businesses and schools use can give a false sense of security. “I have a filter blocking email attachments and inappropriate websites. I’m good!” You hear that all the time. However, emails can come from domains that are not recognized as malicious, and blocking email downloads limits the productivity of any organization. Monitoring of computer usage via key words and phrases can highlight where these threats are coming from and give critical insight into who within the organization is most vulnerable and/or careless in their day-to-day activities. That is not to say that our co-workers or students are malicious in their intent. Lack of experience, curiosity and mental health issues all contribute to the growing threats organizations face. Using technology to monitor for behavior that is risky or indicative of larger problems is essential as part of any comprehensive approach to security.
As the saying goes…practice makes perfect. And when it comes to being able to identify phishing emails that contain viruses and malware, nothing prepares an institution like conducting phantom phishing attacks on its member employees. Employees can hear over and over about watching out for phishing emails, and then still click on one without even thinking. That’s why it’s so important to regularly perform legitimate phishing campaigns on everyone within the organization for the purpose of pointing out mistakes to people who fail and to positively reinforce the people that recognize the phishing email. Additionally, routinely engaging in basic cyber education is very important to keep everyone on his or her toes, and to keep the institution out of the huge mess that comes along with ransomware.
By Lee Ross, CEO, SlateXP & Steve Hines, President, ThreatAdvice