Sunday, December 30, 2012

CORPORATE SPECIAL...S O M E T H I N G P H I S H Y !



The corporate waters have been swamped with schools of phishers (read: cyber fraudsters). Ways through which organisations can avoid the phishing bite are…


    As the corporate clock ticks towards the future, we are slowly but steadily becoming more vulnerable to a time that is convenient and complicated, luxurious yet precarious. While the spurt of technology has roped in an inventory of advantages, this powerful force does bring with it a fair share of snags as well. One such prominent and raging peril of our technological expansion has to be the onset of phishing scams. Phishing, one of the most general types of cyber racket and theft, is the act of attempting to acquire vital personal data such as passwords, credentials, financial statements and more while camouflaged as a trustworthy entity in cyberspace or the electronic media. In the corporate context, the technical term ‘spear-phishing’ refers to attempts directed at obtaining the personal or official information of specific individuals or companies. “Just like a fisherman uses a spear to target a single fish, spear-phishing targets select individuals. In spear-phishing attacks, emails are sent with custom content luring the recipient to click on embedded link(s). Spear-phishing is targeted at senior officials in a company who are expected to possess/have access to sensitive information (read: commercial bank accounts, personal/organisation sensitive data, etc.). Spear-phishing yields better results for fraudsters as compared to simple phishing. Phishing continues to be one of the fastest-growing mechanisms of online fraud,” explains Sunil Sirohi, VP, Technology Services Organisation, NIIT Ltd.
    Now that we have grasped the general idea of phishing, we need to be acquainted with the catalog of hazards it holds. “Firstly, business-critical data and highly confidential information are exploited. Secondly, the attacker gains access to a large employee database, their personal information, and private data. A phishing attack allows access to information related to a company’s customers available readily on the user’s computer/network,” warns Sudhanshu Pandit, director, HR, Symantec India.
    Today, many firms have been exposed to spam, phishing or malware attacks via sites, including the social networking ones. Employees share too much sensitive data on social networks, thus potentially putting firms at risk. So, how can an HR manager tackle this situation in a day and age when being socially present and technologically advanced are requisites?
    Employee education is an important weapon in the face of scams and phishing. Explaining why so, Sirohi says, “It is imperative for an organisation to have all its employees trained on security. Security is not a technology problem – it is a people problem; with the best of technological solutions in place to detect and prevent attacks, unfortunately people still fall prey. An alert employee can not only protect himself/herself, but also help the IT community at large through their contribution by reporting these scams.”
    In addition to the above, Deepak Kaistha, MD, Planman Consulting, suggests, “Firstly, an HR manager should self-educate about phishing and its risks. Then, he/she should organise awareness sessions and seminars about the dangers of such frauds for the employees with the collaboration of the IT team and cyber experts.”
    Phishers are looking to bait you with spurious emails and links that appear protected. The question is, will you be ‘phished’ out of the water or live to swim another day?
    
Lynn Lobo TAS 121121


