Before joining ECS + My IT a year ago, I worked in the art museum world for 17 years with a rather blasé attitude towards cybersecurity. Of course, the Museum had a Network Security Administrator in the IT Department, but no one outside of that department really understood that role. For most of us, when we thought of security, we thought about the protection of the art itself, not the cyber risk. After a year working with IT professionals who are hyper-aware of cyber threats, my eyes are wide open to “phishing” emails specifically.
First, I had no clue what “phishing” was. If you’re in that same boat thinking someone misspelled “fishing”, here is a rookie explanation: Phishing is a tactic where cybercriminals try to fool people into giving up company or personal information, and they generally use email as their vehicle of choice (but you can also get “phished” via text messages, voicemails, phone calls, etc.). These emails seem legitimate because they appear to come from your boss, a brand you recognize, or even your mom, and they contain a malicious link or an attachment that contains malware, or ask you to do something such as purchase gift cards or change the routing number on an ACH payment. Malware can cause identity theft, drain you financially, leak private data, and wreak havoc on your company’s network and reputation.
Since I’m talking about my first year at a top-notch IT company, I’ll focus on what it means for a business to get hacked, or in other words, the damage caused by a successful phishing attempt. Let me count the ways. All it takes is one person clicking on a link or opening an attachment to allow a cybercriminal into a company’s network. The hacker then encrypts your company’s data and all you get is a ransom note requiring payment via nearly untrackable cryptocurrency to release the company’s data. David Bennet, CEO of Axcient (a well-known cybersecurity company), says, “Dealing with ransomware attacks is increasingly important given that worldwide there is a successful attack about every 12 seconds.” As an example, in 2019 the state of Louisiana spent $2.3M on ransoms that locked up data at multiple school districts. That blows my mind!
At My IT, we have a cybersecurity awareness service that educates clients on how to identify phishing emails and how to prevent attacks like these from happening. It also monitors users by sending faux phishing emails to test them. When the user becomes a “multi-clicker” (a person who clicks on phishing links more than once over a short period of time), they are instructed to take a more in-depth (ergo longer) refresher course on cybersecurity.
So how does someone who is NOT an IT professional or cybersecurity expert spot a phishing email, you might ask. Here are some semi-novice tips:
To bring this full circle, how could phishing affect an art museum? There are databases covering the entire museum collection, with the date and value of every object. Additionally, there are databases of all members, donors, and corporate funders. Having this information held for ransom is massively detrimental to an organization that is not federally funded. Also, many donors would hesitate to donate to an organization that did not do its best to protect their personal information.