The US government recently released a report detailing a massive hacking campaign by Russian agents to infiltrate America's “critical infrastructure.” They hacked into things like power plants and water facilities to gather information on them.
While this is scary news, it's also rather embarrassing for our government. The Russian hackers didn't use some elaborate software to breach our defenses. They used decades-old tactics like "spear phishing" (sending someone a targeted email from a fake or compromised account) to gain access. Or they'd send their targets to a fake site that looked like one the targets used every day (like a bank site) to steal their credentials.
How to avoid getting hacked like the government
The Russians didn't hack our government's systems. They hacked its people. A military-grade firewall and anti-virus can't stop your employees from opening a door for a hacker. However, the right training and policies can. Here are some strategies you and your employees can implement right away to stay safe.
Learn how to spot spam and phishing.
Phishing emails are getting increasingly elaborate and harder to spot. However, most can still be spotted with a little common sense and forethought. First, check the email address. If you get an email from your boss, did it come from their address? Second, check the content. Does this sound like an email your boss would send you? A lot of these emails have poor grammar or spelling. Finally, don't open any attachment you're unsure of. Malicious attachments are the biggest way hackers trick you into letting them in.
Define who does what with regard to wire transfers, etc.
Many phishing emails are looking to get financial information or to get you to make a wire transfer to them. We've had several clients get a phishing email from their "boss" requesting they send money to an overseas account. In each case, they were a client who dealt with offshore wire transfers to the country in question. Fortunately, they were smart enough to call us before they took any action.
This is why clearly defined roles when it comes to financial processes are important. Determine who in your company can request a wire transfer and who can send one (these should not be the same person). Define who has access to what accounts so there are never any questions.
Never open a suspicious attachment or link.
This one is so important, we're saying it twice. Malicious attachments and links are the biggest way hackers get into your system. It's how they got into the US government's systems. Whenever you get an email with an attachment, check the name and attachment. Is it something you recognize or normally get? If you think it's safe and open it, does it ask you to enable macros? If it does, STOP. Most Office documents (especially Word documents) do not need macros.
As for links, mouse over any link you get in an email. A pop-up will appear showing you where that link goes. Do you recognize the address? Does it match the sender's email? For example, an email from Microsoft will come from an @microsoft.com address and any links should go to www.microsoft.com.
When in doubt, call your IT guy!
A good IT guy would rather field 100 false alarms from you than have you get infected. An ounce of prevention is worth a pound of cure, as they say.
Still have questions?
Have an email you're not sure about? Give us a call at 401-272-9262.
Not ready to call us yet? Then check out our free report The Top 10 Ways Hackers Get Around Your Firewall And Anti-Virus To Rob You Blind.