Your organisation’s brand and reputation are its most important assets – and if your servers fall victim to a successful phishing attempt, those assets can be severely compromised. In addition, you may well have legal obligations regarding the security and privacy of your customers’ personal and financial information.
Even with the best security, there are ways someone with malicious intent might access your account. And once an account has been compromised, the data in that account must be treated as exposed – and the account typically becomes the gateway for a hacker to jump from account to account within your organisation. It can also become a portal for them to reach your customers, vendors and partners as well.
Cloud-based solutions, while inexpensive and convenient, are often more vulnerable because all a hacker needs is someone’s credentials to break in. Phishing attacks have recently moved from using “PayPal-like” spoofs to mimicking common SaaS services such as Dropbox, Gmail, and business social media such as LinkedIn. Attackers create messages that look exactly like these services and send them to your employees, luring them into what appear to be legitimate login landing pages. And once in, they often have access to entire suites of connected services (such as Office 365).
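The look-alike login pages described above usually give themselves away in the link itself: the brand name appears in the hostname, but the domain that actually serves the page is one the brand does not own, or the brand is spelled with substituted characters (a zero for an “o”, a one for an “l”). The following Python script is an added example, not code from the original article or from Blutone Technologies; it scans an e-mail body for links and flags hostnames that mention a known brand on a foreign domain. The brand allow-list, the substitution table and the sample e-mail are all constructed for illustration, and the “last two labels” rule for the registrable domain is a deliberate simplification that does not handle public suffixes such as `co.uk`.

```python
"""Flag links in an e-mail body whose hostname impersonates a known brand.

Added example for this article, not part of the original page. The brand
allow-list, substitution table and sample message are constructed; a real
deployment would source the allow-list from the organisation's own records.
"""
import re
from urllib.parse import urlparse

# Constructed allow-list: brand keyword -> registrable domains the brand legitimately uses.
LEGITIMATE_DOMAINS = {
    "dropbox": {"dropbox.com"},
    "gmail": {"gmail.com", "google.com"},
    "google": {"google.com"},
    "linkedin": {"linkedin.com"},
    "office": {"office.com", "microsoft.com", "microsoftonline.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com", "office.com"},
}

# Matches http(s) URLs up to whitespace or a closing quote/bracket.
URL_RE = re.compile(r'https?://[^\s<>"\')\]]+', re.IGNORECASE)

# Constructed table of characters commonly swapped into a hostname to imitate a brand.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable_domain(host):
    """'login.dropbox.com' -> 'dropbox.com'. Simplification: public suffixes
    such as 'co.uk' are not handled; use a public-suffix library in production."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_host(host):
    """Return (brand, reason) when the host mentions a brand but is served from a
    domain that brand does not own; return None for hosts that look fine."""
    h = host.lower()
    plain = h.replace("-", "")           # 'drop-box' reads as 'dropbox'
    normalised = plain.translate(HOMOGLYPHS)  # 'dr0pbox' reads as 'dropbox'
    reg = registrable_domain(h)
    for brand, allowed in LEGITIMATE_DOMAINS.items():
        if reg in allowed:
            continue                      # genuine domain for this brand
        if brand in plain:
            return (brand, "brand name used on a domain the brand does not own")
        if brand in normalised:
            # The brand only appears after undoing character substitutions.
            return (brand, "brand name spelled with look-alike characters")
    return None


def find_suspicious_links(email_body):
    """Scan an e-mail body; return [(url, brand, reason)] for each impersonating link."""
    findings = []
    for url in URL_RE.findall(email_body):
        host = urlparse(url).hostname or ""
        verdict = classify_host(host)
        if verdict:
            findings.append((url, verdict[0], verdict[1]))
    return findings


# Constructed sample message: two phishing-style links and two genuine ones.
SAMPLE_EMAIL = """\
Hi, a document was shared with you on Dropbox.
View it here: https://dropbox.com.secure-files.example/login
Your Gmail storage is full, verify now: https://mail.g00gle-verify.example/signin
Regular notification: https://www.linkedin.com/messaging/
Sign in to Office 365: https://login.microsoftonline.com/
"""

if __name__ == "__main__":
    for url, brand, reason in find_suspicious_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS [{brand}] {url}: {reason}")
```

The first flagged link uses the classic “brand as a subdomain” trick (`dropbox.com.` in front of an unrelated domain); the second only matches the brand after the digit substitution is undone. A mail gateway or a user-reporting workflow can run the same check on every message and route hits to the security team rather than to the recipient.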
In some cases, the attacker closes the loop completely: a suspicious email is received, and the recipient, rather than replying to it, creates a new email to ask “did you send me X?” – but that question lands in the compromised mailbox, where a human is at the other end, ready to reply “yes, I sent you that file about the meeting we had” or some other plausible, genuine-sounding response. It is easy to see how even a careful, security-conscious user might be tricked.
So what do you do if you discover you or your organisation is the victim of a phishing attack? Immediately changing user names and passwords for any compromised access is a first step. You should not be using the same password for other applications – but many people do, so make sure you and your employees change any passwords that might have been the same. Common targets are email and social media networks, so it’s important to change those as well.
Immediately scan the system and all devices for malware, and take steps to remedy any you find. Also, if any credit card information may have been compromised (such as the account billing credit card if you experience a SaaS attack), contact your financial institution immediately to cancel the card and alert them to any possible fraudulent charges.
If there is any possibility of customer data having been compromised, you may have legal and notification obligations. If you are unsure, below are the entities StaySafeOnline.gov.au recommends you contact:
- The business advisory service run by your local council or state or territory government
- The Office of the Australian Information Commissioner – www.oaic.gov.au
- The Office of the eSafety Commissioner – www.esafety.gov.au
- Your relevant industry or member association
- iDcare (iDcare.org) also works with organisations of all sizes to make sure they know what to do if customer details are digitally or physically stolen. They can provide “best practice” recommendations and support for your particular situation.
Of course, the best-case scenario is to avoid a phishing attack altogether. With Blutone Technologies, your system is monitored 24/7 for potentially malicious login attempts, and you are notified immediately if anything is compromised. Give us a call today and find out how you can get the peace of mind you need, knowing your system and business reputation are secure.