Corporate espionage does not always entail elaborate schemes such as the ones found in Hollywood movies. Reportedly, two-thirds of breaches are the result of phishing emails sent to businesses. Employees who handle scores of internal communications and customer service-related emails on a daily basis may become lax when opening and responding to messages. Employees absolutely should be trained to be ever on the alert for phishing schemes and never assume any email is safe.
Keeping Tabs on Suspicious Activity
Employees should be trained to treat anything out of the ordinary as a potential phishing scheme and to proceed with caution. Employees are well advised to:
Take Note of Odd Sending Hours
People have a tendency to do business during business hours. Granted, there are many who may only have the time to send out messages to a business during their free time, but emails sent on a Saturday at 1:30 AM should at least raise some suspicion. Employees are best served not opening an email that stands out as suspicious. Contacting the IT department may help prevent exposure to phishing malware or a virus.
Investigate Strange Email Responses
Messages that appear to be replies to previous correspondence the employee does not recognize may indicate that someone has compromised a password or that a hijacking virus has infected the computer and caused messages to be distributed through the company's email server. Checking the Sent folder is advised, since the employee can see whether emails are being sent by a third party.
Confirm the Legitimacy of Sensitive Requests
A common phishing scam entails sending emails to employees to request W-2 data. Employees who respond to such emails open the door to identity theft. When emails request sensitive data, employees should always double-check whether the email is legitimate. A simple call to human resources or the department from which the email supposedly originates will reveal whether the message is part of a phishing scheme.
There are many other ways a phishing scheme can be pulled off against a business. A large number of phishing attacks take advantage of "weaknesses in human interfaces". In other words, someone falls for the scheme. No matter how sophisticated an anti-virus or firewall is, human error can lead to disaster. Proper training by security professionals can cut down on instances of human error. This is why management should institute comprehensive security awareness training, possibly through a company such as CFISA, if such training currently does not exist.