SOMETHING PHISHY!
The corporate waters have been swamped with schools of phishers (read: cyber
fraudsters). Ways through which organisations can avoid the phishing bite are…
As the corporate clock ticks towards the future, we
are slowly but steadily becoming more vulnerable to a time that is
convenient and complicated, luxurious yet precarious. While the spurt of
technology has roped in an inventory of advantages, this powerful force
does bring with it a fair share of snags as well. One such prominent and
raging peril of our technological expansion has to be the onset of phishing
scams. Phishing, one of the most general types of cyber rackets and theft,
is the act of attempting to acquire vital personal data such as
passwords, credentials, financial statements and more while camouflaged as
a trustworthy entity in cyberspace or the electronic media. In the
corporate context, the technical term ‘spear-phishing’ refers to
attempts to obtain the personal or official information of specific
individuals or companies. “Just like a
fisherman uses a spear to target a single fish, spear-phishing targets
select individuals. In spear-phishing attacks, emails are sent with custom
content luring the recipient to click on embedded link(s). Spear-phishing
is targeted at senior officials in a company who are expected to
possess/have access to sensitive information (read: commercial bank
accounts, personal/organisation sensitive data, etc). Spear-phishing
yields better results for fraudsters as compared to simple phishing.
Phishing continues to be one of the fastest-growing mechanisms of online
fraud,” explains Sunil Sirohi, VP, Technology Services Organisation, NIIT
Ltd.
Now that we have grasped the general idea of
phishing, we need to be acquainted with the catalog of hazards it holds.
“Firstly, business-critical data and highly confidential information are
exploited. Secondly, the attacker gains access to a large employee
database, their personal information, and private data. A phishing attack
allows access to information related to a company’s customers available
readily on the user’s computer/network,” warns Sudhanshu Pandit, director,
HR, Symantec India.
Today, many firms have been exposed to spam,
phishing or malware attacks via sites, including the social networking
ones. Employees share too much sensitive data on social networks, thus
potentially putting firms at risk. So, how can an HR manager tackle this
situation in a day and age when being socially present and technologically
advanced are requisites?
Employee education is an important weapon in the
face of scams and phishing. Explaining why, Sirohi says, “It is
imperative for an organisation to have all its employees trained on
security. Security is not a technology problem – it is a people problem;
with the best of technological solutions in place to detect and prevent
attacks, unfortunately people still fall prey. An alert employee can not
only protect himself/herself, but also help the IT community at large
through their contribution by reporting these scams.”
In addition to the above, Deepak Kaistha, MD,
Planman Consulting, suggests, “Firstly, an HR manager should self-educate
about phishing and its risks. Then, he/she should organise awareness
sessions and seminars
about the dangers of such frauds for the employees with the collaboration
of the IT team and cyber experts.”
Phishers are looking to bait you with spurious
emails and links that appear protected. The question is, will you be
‘phished’ out of the water or live to swim another day?
Lynn Lobo TAS 121121