Close
  • About
  • IT Solutions
  • Industries
  • Cybersecurity
  • Resources
  • News
  • Careers
  • Refer Us
  • Payment Portal
  • Home
Get Support
Linkedin
Facebook-square
Twitter

ECS + MyIT Logo
  • About
  • IT Solutions
      Outsourced IT icon

      Outsourced IT

      Hybrid IT icon

      Hybrid/Co-IT

      Phones icon

      VOIP Phones

      Cloud icon

      Cloud & Network Equipment

      Consulting & Strategy

      Audits & Assessments

  • Industries
      heartbeat icon

      Compliance

      Auto dealership icon

      Auto Dealerships

      Professional IT Services hand icon

      Professional Services

      SMBs icon

      Small Businesses

      Government building icon

      Government

      Education icon

      Education

      Construction icon

      Construction

      Non-Profit organization icon

      Non-Profit

  • Cybersecurity
  • Resources
Contact Us
ECS + MyIT Logo
  • About
  • IT Solutions
      Outsourced IT icon

      Outsourced IT

      Hybrid IT icon

      Hybrid/Co-IT

      Phones icon

      VOIP Phones

      Cloud icon

      Cloud & Network Equipment

      Consulting & Strategy

      Audits & Assessments

  • Industries
      heartbeat icon

      Compliance

      Auto dealership icon

      Auto Dealerships

      Professional IT Services hand icon

      Professional Services

      SMBs icon

      Small Businesses

      Government building icon

      Government

      Education icon

      Education

      Construction icon

      Construction

      Non-Profit organization icon

      Non-Profit

  • Cybersecurity
  • Resources
Contact Us
Cybersecurity

Non-Technical Person’s View to Protect Against Phishing Emails

By Kristi Marchand 

Before joining ECS + My IT a year ago, I worked in the art museum world for 17 years with a rather blasé attitude towards cybersecurity. Of course, the Museum had a Network Security Administrator in the IT Department, but no one outside of that department really understood that role. For most of us, when we thought of security, we thought about the protection of the art itself, not the cyber risk. After a year working with IT professionals who are hyper-aware of cyber threats, my eyes are wide open to “phishing” emails specifically.

First, I had no clue what “phishing” was. If you’re in that same boat thinking someone misspelled “fishing”, here is a rookie explanation: Phishing is tactic where cybercriminals try to fool people to obtain company or personal information and they generally use email as their vehicle of choice (but you can also get “phished” via text messages, voicemails, phone calls, etc.). These emails seem legitimate because they appear to come from your boss, a brand you recognize, and even from your mom, and they have a malicious link, an attachment that contains malware, or ask you to do something such as purchase gift cards or change the routing number on an ACH payment. Malware can cause identity theft, drain you financially, unintentionally share private data, and wreak havoc on your company’s network [and reputation].

Since I’m talking about my first year at a top-notch IT company, I’ll focus on what it means for a business to get hacked or in other words, what are the detriments caused by a successful phishing attempt — let me count the ways. All it takes is one person clicking on a link or opening an attachment to allow a cybercriminal into a company’s network. The hacker then encrypts your company’s data and all you get is a ransom note requiring payment via nearly untrackable cryptocurrency to release the company’s data. David Bennet, CEO of Axcient (a well-known cybersecurity company) says “Dealing with ransomware attacks is increasingly important given that worldwide there is a successful attack about every 12 seconds.” As an example, in 2019 the state of Louisiana spent $2.3M on ransoms that locked up data at multiple school districts. That blows my mind!

At My IT, we have a cybersecurity awareness service that educates clients on how to identify phishing emails and how to prevent attacks like these from happening. It also monitors users by sending faux phishing emails to test them. When the user becomes a “multi-clicker” (a person who clicks on phishing links more than once over a short period of time), they are instructed to take a more in-depth (ergo longer) refresher course on cybersecurity.

So how does someone who is NOT an IT professional or cybersecurity expert spot a phishing email, you might ask. Here are some semi-novice tips:

  1. Before opening an email – even one from a name you know well, check the spelling of the name and the actual email address. For example, [email protected] is not a valid email address – my surname is misspelled and whilst I have worked in the UK, that is not where My IT is located. Pay careful attention to these kinds of details.
  2. If an email that you did not initiate is requesting personal information such as bank account details, date of birth, social security number, etc. call, text, or talk with the sender directly to verify the authenticity of the email. Like a lot of Gen Xers, I tend to be brand loyal, so when I got a random email from J. Crew a few months ago offering a FREE gift card, I was a little excited…until I read that all I had to do was fill out some very personal details about myself. Red flag! Thanks to my training here, I deleted the email. Goodbye perfect spring, free dress.
  3. So, you’ve checked the email address and it seems legit, but it has a link. Before you click on the link, hover over it with your cursor. If it does not seem to match the company or subject, or if you’re not quite sure, do NOT click on it. Again, call the sender for authentication or delete the email completely.
  4. With work emails, it is best practice to alert your IT department about these suspicious emails. Just today I received an email from a copier machine with an attachment, but no recognizable (to me) sender details. I forwarded it to my patient boss who knew what it was and gave instructions and approval to open the document. While it may not have been anything, it was a good idea to be cautious and keep your company apprised. Better safe than lots of money sorry!

To bring this full circle, how could phishing affect an art museum? There are databases of information of the entire museum collection – by date and value of every object. Additionally, there are databases of all members, donors, and corporate funders. This information under ransom is massively detrimental to an organization that is non-federally funded. Also, many donors would hesitate to donate to an organization that did not do its best to protect their personal information.


phishing

Leave A Reply Cancel reply

Your email address will not be published. Required fields are marked *

*

*

5 Apps To Power Up Your Productivity
Previous Article
Business Continuity: A Remote Workforce
Next Article
  • Categories

    • Blog
    • Business & Technology
    • Cloud Technology
    • Cybersecurity
    • DR & Data Protection
    • Industry-Specific Technologies
    • IT Compliance
    • News and Events


Explore

About Us
IT Solutions
Industries
Get Help
Contact

Disclaimer

Privacy Policy
Terms of Use
Master Client Agreement

Locations

New Orleans
6620 Riverside Drive, Suite 200
Metairie, LA 70003
504-888-6948

Shreveport
347 W. Bert Kouns Industrial Loop
Shreveport, LA 71106
318-219-3427

ECS + MyIT Logo
Linkedin
Facebook-square
Twitter
© 2020 My IT. All Rights Reserved.
  • About
  • IT Solutions
    ▼
    • Outsourced IT
    • Hybrid/Co-IT
    • VOIP Phones
    • Cloud & Network Equipment
  • Industries
    ▼
    • Compliance
    • Auto Dealerships
    • Professional Services
    • Small Businesses
    • Government
    • Education
    • Construction
    • Non-Profit
  • Cybersecurity
  • Resources
  • Contact Us
  • Get Support
  • News
  • Careers
  • Payment Portal