Back to my childhood fishing stories, they really do tie in here as well.  I can remember going to a fast stream to go fly fishing for Rainbow Trout and Specks as they are called. I remember seeing these kids standing on the rocks right at a large pool just near the fastest water. Someone had a spear in their hand, they were targeting, then spearing the largest and juiciest trout in the stream. I thought that just isn’t fair.  They did their research and they knew where the largest, the best fish would be and using a spear they could precisely target the ideal fish to give them the greatest reward for their efforts.

Let me introduce you to a tactic which cyber-criminals use called ‘ Spear Phishing’, this is where the criminal identifies the big fish and goes after the juicy reward. They learn about the organization they are targeting, and they learn who the “big fish” is (CEO, the boss etc.) and who the persons are that report to them. This reporting person would hold the keys to the kingdom. Busy Executives sometimes have a very direct language in their email – a command language (Terse and to the point).  They might also be intense people and not very forgiving of those who do not follow their instructions precisely. 

These emails come in as requests (demands) for Company Personal Identifiable Information (PII), like the issue that happened at Sprouts in California, where an email which appeared to be from the CEO asked for the list of all employees with all data (Employee SIN/SSN, address, etc.). The Director of HR personally sent the information for all 28,000 employees to the Phishing person whom he thought was the CEO.  He just caused a major privacy issue for this organization by simply following what he thought was a command request from his superior. This is what is known as a spear-phishing email.  Another spear-phishing example where a CFO received an email from the president informing them to wire $250,000 to a bank account as he just finished a deal.  The email purportedly told the CFO, “you know I am at this conference, and have limited access to email, please do not delay this deal needs to be closed today!”  What are people in these positions expected to do? 

It is important that we put in place checks and balances to ensure that these demands being made in the email are true. As busy executives, we need to understand the risk and create a method for our staff to validate these requests. We need to educate and empower our staff to question the validity of these requests and have them validate our email addresses before they do anything.  Perhaps as executives, we need to inform our staff, we will not request large financial transactions be performed via email only.  Perhaps these types of transactions could be handled via telephone calls or have a “Please call me if you are not sure” policy.

We need to make it a priority to protect our organization from leaking confidential information and causing financial loss.  Protecting our organizations from Cybercrime is a team effort; that we in management must commit to educating ourselves and our staff on how to recognize both Phishing and Spear Phishing attacks. 

Stay Safe and Secure.
Jeff S Brodie
Managing Partner – Codefusion Communications Inc.
Have questions? Book a free consultation call with us?

The US FBI Agency has issued a Public Service Announcement on High Impact Cyber Attack Warning and the threat it poses to its national security and business world.

October has been dedicated to Cyber Security Awareness Month.  Cyber is all things digital, all things connected which means an office, the internet, telecommunications, video streaming and you got it, even the traffic systems.  While automation in the digital world has provided us with many conveniences like instant communications around the globe, the latest information on world economics and when your child has arrived at school through GPS tracking of smartphones.  There are two sides to the blade, so to speak, one is good and one side can be devastating, the question is how do we protect ourselves?

I recall in a Karate lesson where our Sensei (instructor) said “a punch doesn’t hurt any less with your eyes closed. However, with your eyes closed you do not have an opportunity to avoid that punch nor do you have an opportunity to counter that move”.  Cyber Security Awareness month is about keeping your eyes open and realizing that we are dealing with an ongoing attack coming from all sides.  The best defence is not just a good offence it is truly a good understanding of what the threat is.  Our best defense is a prepared and trained front line.  Our employees are on the front line dealing with these threats, and unless we as leaders take an active role in helping them get educated, there will be holes that can and will hurt us.

Use October to help your team get educated about Cyber Security and how to spot an attack.  Not everyone will get it right the first go-around, however, repeat education which raises awareness in your organization is the first step to protecting your company.  Education along with a sound Cyber Security strategy including education, testing, tools and monitoring will help to fortify your organization against common attacks.  This reminds me of an old saying “An ounce of prevention is worth a pound of cure.”

Stay Safe and Secure.

Jeff S Brodie, Managing Partner – Codefusion Communications Inc.