Phishing attacks are one of the single greatest threats to ANY network today. Symantec's “2014 Internet Security Threat Report” estimates that 91% of data breaches came from targeted attacks against individuals. This is an increase of 500% from 2012 and is apparently here to stay. The overwhelming majority of these attacks involved ransomware being sent as an attachment and installed on the victim’s computer. The user has to pay $100-$300 to get the encryption keys to decrypt their files, and in most cases doesn’t get the correct keys and just gets taken by the bad guys anyway. In some cases the victims were sent to a web site that appeared reputable but held malicious content that was able to infect their computers just from visiting it. All of these attacks have one thing in common: they were sent from what the victim deemed a reputable source. Think about that for a second. All of the victims were sent an email with a link or an attachment from someone they thought they could trust.
So how are we supposed to do business, communicate with our loved ones and use what has arguably become one of the most useful aspects of the Internet with a relative degree of safety ever again? We can fix this with just one word. And you can even pick the word! Let me explain with a little history lesson…
In the olden days (think Middle Ages, not the 1950s), when you approached a walled city you had to have a word to pass through the gates that showed that you were trusted, hence the term “Password”. So if we want to send an email with an attachment or a link to the Internet to a colleague at work, we just need to agree that if the email does indeed originate from a colleague, we will use a word somewhere in that email to validate that it indeed came from that person. No encryption needed. No hardware needed. Just a little behavioral change and voila! You have just stopped Phishing attacks in their tracks!
So as a company, agree on your code word, and when emailing each other make sure you use it. Make it something innocuous like “local” if it is an email within your domain and “global” if it is going to someone outside the domain. Put it in the subject line. Put it at the end of the email. Put it wherever you deem necessary, just make sure you use it. Do the same thing with family and friends and watch how fast the viruses disappear in your family and friend network.
And all without spending a dime…
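
The convention described above can also be checked mechanically on the receiving side. The following is an added example, not code from the original post: it flags any message that carries a link or an attachment but lacks the agreed word. The function names and the example.* addresses are assumptions, only the first To address is considered, and the From header is taken as written.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

URL_RE = re.compile(r"https?://", re.IGNORECASE)

# Constructed sample messages; the example.* domains are placeholders.
SAMPLE_OK = ("From: alice@example.com\nTo: bob@example.com\n"
             "Subject: Q3 report (local)\n\nDraft: https://intranet.example.com/q3\n")
SAMPLE_NO_WORD = ("From: alice@example.com\nTo: bob@example.com\n"
                  "Subject: Invoice\n\nReview https://example.net/invoice locally\n")
SAMPLE_OUTSIDE = ("From: carol@example.org\nTo: bob@example.com\n"
                  "Subject: global - contract\n\nSee https://example.org/contract\n")
SAMPLE_PLAIN = ("From: alice@example.com\nTo: bob@example.com\n"
                "Subject: Lunch?\n\nNoon at the usual place.\n")

def domain_of(header_value):
    """Lower-cased domain of the first address in a header (assumption: one recipient)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def expected_word(msg):
    """'local' when sender and recipient share a domain, otherwise 'global'."""
    return "local" if domain_of(msg["From"]) == domain_of(msg["To"]) else "global"

def check_message(raw):
    """Classify one raw message: 'no-risky-content', 'ok' or 'missing-code-word'."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    has_attachment = next(msg.iter_attachments(), None) is not None
    if not has_attachment and not URL_RE.search(body):
        return "no-risky-content"  # the convention only covers links and attachments
    text = f"{msg['Subject'] or ''}\n{body}"
    # Whole-word match, so "locally" or "globalization" do not count.
    if re.search(rf"\b{expected_word(msg)}\b", text, re.IGNORECASE):
        return "ok"
    return "missing-code-word"

if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_NO_WORD", "SAMPLE_OUTSIDE", "SAMPLE_PLAIN"):
        print(name, "->", check_message(globals()[name]))
```

A message classified as missing-code-word is one to confirm with the sender before opening the link or attachment.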