In the early days of phishing attacks on the Web, users were enticed into giving up personal information. Recently, however, Serena Larson at CNN wrote about a new type of attack that rocked Google Docs users when hackers exploited the Open Authorization (OAuth) standard to gain access to close to a million accounts. What makes the attack so different is that instead of asking users to enter passwords, it exploited the page where users give a website or app permission to access their contacts and information.
With no explicit attempt to ask for passwords, it becomes difficult to detect malicious intent. Users can now be tricked into simply giving unobstructed access to their information using a page that looks exactly like the actual OAuth authentication page. Does this mean that users are no longer able to securely access apps or websites online? Not exactly.
In a quickly evolving cyber-security landscape, your staff must be vigilant and able to detect and mitigate such attacks. Here are three things you can do to protect your company from becoming a victim of unauthorized access.
Training and workshops
A significant number of online incidents are the result of bad online behavior. From lax password security to opening attachments and emails from unknown senders, future problems stemming from such behavior can be avoided by using e-Learning as part of your training strategy to educate your employees about the tricks they should look for and the precautions they should follow.
Use simulated attacks
Including simulated attacks as part of your anti-phishing training allows employees to apply their training in a real-world scenario and results in a much more vigilant and cyber-security-aware workforce. Utilizing phishing simulation in training will allow your company to stay ahead of newer attacks and be ready to respond to attacks more quickly and effectively.
Establish best practices
Utilizing training and simulated attacks must be part of a larger strategy to establish evolving best practices that grow with each incident. Incentivizing your team to adhere to best practices in online behavior will prove effective in the long run as companies continue to become more data-centric and web-centric.
In an evolving cyber-security landscape, you and your team must be consistently on top of your strategy to combat new and upcoming attacks on your corporate information. Are you using training and simulations to enhance and keep track of your best practices? It’s critical to keep your communications and information safe and secure. How effective is your strategy?
Partner with Terranova to lower your risk with an Information Security Awareness program and Phishing Simulation campaigns that fit your needs.