Smaller companies at high risk for phishing attacks
A Cambridge cyber security company says small companies are at a higher risk for phishing attacks and those companies should protect themselves by regularly keeping their employees up-to-date on the newest dangers.
"Now it's all about information," Viktors Engelbrehts, director of threat intelligence at eSentire told Craig Norris, host of The Morning Edition on CBC K-W on Monday.
If you're not sure what you're doing, just don't do it.- Viktors Engelbrehts, director of threat intelligence at eSentire, about avoiding online scams.
Cyber criminals especially find smaller companies attractive, because they're not as well-equipped as large companies that have the budget to invest in sophisticated security systems.
- WannaCry most dangerous to smaller companies, says Canadian cybersecurity firm
- Manitoba, Saskatchewan small businesses need to be more aware of fraud: National accounting firm
ESentire detected four million cyber attacks in the first three months of 2017 among roughly 500 of their clients. There is also a rise in phishing and scam techniques because they are cheaper to do than complicated attacks such as hacking into a company's database.
Engelbrehts said the phishing attacks tend to be simple. "We're not talking about states attacking states," he said.
For example, you could receive a phishing email disguised as an invitation to edit a Google Doc. You would then be prompted to login to see the document, and that's how an attacker can steal your password.
Education is key
"Phishing at the end of the day can be detected," Engelbrehts said, "And it can be detected by users' vigilance."
He said companies need to invest more energy in training their employees to identify situations that could be signs of an attack. Yearly training is no longer enough because of the constantly evolving technologies.
"It goes back to basic digital literacy that a lot of organizations are missing," Engelbrehts told CBC News.
- How to defend yourself against ransomware cyberattacks
- So you clicked on that sketchy Google Docs link sent by email. Now what?
For home users who don't have access to such training, he said keeping the computer's operating system and software such as browsers updated is the best bet.
Engelbrehts also said people should start educating themselves on cyber security. There are many resources online and he said there are also many books on cyber security.
In the meantime, exercising caution on the internet will save you from trouble.
"If you're not sure what you're doing, just don't do it," he said.