Smaller companies at high risk for phishing attacks

Cyber security company eSentire reported four million cyber attacks across their 500 clients in the first three months of this year. Their director of threat intelligence said smaller companies need to invest more in training employees on cyber security.
Users can get emails disguised as invitations to edit a Google Doc. They are prompted to login to their email to access the document, which is a way of stealing passwords and other sensitive information. (Virginia Mayo/AP)

A Cambridge cyber security company says small companies are at a higher risk for phishing attacks and those companies should protect themselves by regularly keeping their employees up-to-date on the newest dangers.

"Now it's all about information," Viktors Engelbrehts, director of threat intelligence at eSentire told Craig Norris, host of The Morning Edition on CBC K-W on Monday. 

If you're not sure what you're doing, just don't do it.- Viktors Engelbrehts, director of threat intelligence at eSentire, about avoiding online scams.

Cyber criminals especially find smaller companies attractive, because they're not as well-equipped as large companies that have the budget to invest in sophisticated security systems.

ESentire detected four million cyber attacks in the first three months of 2017 among roughly 500 of their clients. There is also a rise in phishing and scam techniques because they are cheaper to do than complicated attacks such as hacking into a company's database.

Engelbrehts said the phishing attacks tend to be simple. "We're not talking about states attacking states," he said.

For example, you could receive a phishing email disguised as an invitation to edit a Google Doc. You would then be prompted to login to see the document, and that's how an attacker can steal your password.

Education is key

"Phishing at the end of the day can be detected," Engelbrehts said, "And it can be detected by users' vigilance."

He said companies need to invest more energy in training their employees to identify situations that could be signs of an attack. Yearly training is no longer enough because of the constantly evolving technologies.

"It goes back to basic digital literacy that a lot of organizations are missing," Engelbrehts told CBC News.

For home users who don't have access to such training, he said keeping the computer's operating system and software such as browsers updated is the best bet.

Engelbrehts also said people should start educating themselves on cyber security. There are many resources online and he said there are also many books on cyber security.

In the meantime, exercising caution on the internet will save you from trouble.

"If you're not sure what you're doing, just don't do it," he said.

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.