Spear phishing is a form of online phishing that targets particular organizations for specific information. Spear phishing attacks are not wide-scale, generic attacks. Instead, the phisher targets a particular person or group of people within an organization who have access to valuable confidential data.
Spear phishing is a serious threat. From the West Point teacher who successfully phished information from 80% of his class to the phishing reports collected by Google before the Iran elections this year, your organization’s protection against targeted spear phishing attacks begins with your employees.
Not quite sure that phishing can cause real damage? Take a trip down to South Carolina, where just last year a security breach at South Carolina’s Department of Revenue (DOR) meant a leak of 74.7 GB of IRS consumer data, including Social Security and credit card numbers.
While most people are learning to be suspicious of requests for confidential information, there are three things that make phishing attacks seem valid at the time:
- The source appears to be a trusted or known individual
- There’s information inside the email that makes the request seem real
- The request seems logical to the recipient
With such prevalent data security threats actively trying to access your information, it is vital that you establish guidelines within your organization about how you will request personal or proprietary information. Your staff needs to know that no legitimate request for personally identifiable information will ever come via email.
If your organization tracks or monitors confidential data, the most important thing to do first is to make sure that you dispose of that data properly to prevent end-of-life data breaches. The next logical step is to protect that information while it is still under your control. Prioritize company-wide security measures to make sure that your employees are aware of common phishing tactics and how to avoid them.
At MPC, we specialize in helping customers manage their technology equipment at every stage of its life. When a business needs to responsibly retire devices that contain sensitive data, MPC can guarantee complete sanitization or destruction through its NAID AAA certified processes, in conformance with industry standards including NIST SP 800-88 and DoD 5220.22-M for confidential information destruction.
Still thinking about how to protect your customers’ data? Check out our FREE resource guide, the Data Security Checklist, for simple steps to ensure that your organization is protected.