Visiting the beautiful islands of the Seychelles a few years ago, my wife and I were amazed to discover some very friendly and wonderfully coloured fish. They were extremely tame and seemed to have no fear at all about swimming right up to us as we paddled, lazily, in the warm waters of the Indian Ocean.
I recall that at the time, there was some excitement a few yards ahead of us – a man was dancing about at the water’s edge, holding his hands up. Strange behaviour I thought. Still, people do some peculiar things when abroad.
“Look at all these fish!” my wife exclaimed.
“Where?” I enquired.
“Here at my feet and round my legs!” she replied.
“Oh yes! They’re really cute, such bright green stripes too!” I remarked, as I waded towards her.
We spent several minutes, transfixed in rapt vision, almost as if we were under a spell. The temptation to try to catch one of the beautiful creatures in one’s hand seemed almost overwhelming!
“Hey!” came a small and somewhat urgent cry from the sand-prancing man in the distance. “Watch out! They bite!”
Bite? Surely not! These lovely creatures?
We took our time wading ashore.
“Oh, your legs!” I said, as I observed some small red streaks starting to appear. “Are you okay?”
We reached the dancing man. “They bite!” he said, showing us his many tiny hand and leg lacerations.
“Well, I never! … What deceptive creatures!” I exclaimed.
The parallels in my tale, with the perils of phishing we all face today, may be a little stretched, but nevertheless the lesson is a salutary one.
Take a little complacency and sprinkle it with a pinch of laziness. Wrap it in a covering of distraction and deafness to warnings. Serve it on a warm plate of unfettered curiosity and your phish-dish is all ready to snap you up in a trice (along with your data and your business) … more quickly in fact, than you can say “piranha”!
Various technical measures to defend against hacking may have been implemented in your organisation and they may well be effective. However, some phish still seem to get through the net with their temptations. So, here’s my advice, despite any advanced technology that may have been deployed:
Regularly remind yourself and your staff about the threat of phishing attacks. Conduct frequent “phishing campaigns” amongst your staff to help educate them and to raise awareness of the dangers that exist.
Never click on any unknown link contained in an email (hover your cursor over the link to find out where it’s actually going to redirect you).
If you do click on a link in an email … never enter your user ID and password at the request of any pop-up screen that appears (no matter how legitimate it may look).
If you would like to discuss how to establish an enterprise phishing awareness campaign, please get in contact.