Executive Summary:
Protecting your business from all the cyber threats and criminals in the world needs to be holistic in understanding the nature of the attack vectors. The weakest link in any protection and prevention plan is the person being targeted. People, by their nature, are prone to making mistakes therefore a solution needs to not only include technology is also needs to understand your business. At Lead IT Consulting we strive to understand your business so that you are fully protected.
Being too quick can be costly
The other day, like many days, I found the following in my mailbox:
At first glance, this may not seem outwardly nefarious. However, on closer inspection, how many issues or warnings can you see here?
This is what I noticed:
- The name Aaliyah does not match ronny56
- Then AaliyahDavidsonna is also info@leaditconsulting.net
- AaliyahDavidsonna is one word
- The domain Herzog.com is not Leaditconsulting.net
- The form contains no entries just 0 and na
It wasn’t until I took a moment to look, read, and comprehend this email that it became clear that this was SPAM.
In another instance, I did not take the time to scrutinize and really comprehend an email, and I nearly fell prey to an attack which was a request to change the direct deposit account for an employee. I fell so quickly that I changed the direct deposit information. Only after it was changed did I think to ask the employee, via a known secure method, what their banking information was. It was then that I learned the employee had not requested the change and I changed it back at that moment.
Think about how easy it is to discover the names of your employees.
There are innumerable sources for free. The crook takes that name and sends you an email.
From: Employee Name
Hello and happy Tuesday!
I’m sorry for the inconvenience, but before the next paycheck cycle is processed,
I would like to submit a new account since I recently updated my ACH information.
What details are necessary for the adjustment to be successful? Please let me know.
Like me, you recognize the employee’s name on the email requesting the change. The email arrives at a moment when you are very busy, frustrated, or just frazzled so you just scan the email rather than steal the moment to check the details. Bingo you’ve been scammed.
The takeaway here is that our businesses need processes that eliminate one person making all the decisions when it comes to certain processes like changing direct deposit information or sending wire transfers. No amount of technology is going to remove the opportunity for human error.
When you work with Lead IT Consulting you can expect that the answers to your challenges will not always be a technology solution. Oftentimes, the solutions are for business process recommendations and even governance. Reach out! We’d love to discuss how we might help your business with both technology and non-technology questions related to your IT and the overall security of your business.