6 minutes

PhishLabs Founder & CTO Shares 4 Must-Knows about Cybersecurity

Do you do your banking, pay your bills, or make purchases online? Are your files saved in “the cloud,” even if you don’t know what “the cloud” is? Did someone email you this article? As our day-to-day online activity increases, so, too, does the threat of a cyber attack. According to a recent report by PhishLabs, phishing attacks increased by 41% in Q2 of 2017.

The Charleston-based company fights back against phishing attacks – the primary source of data breaches and online fraud. PhishLabs combines technology, human expertise, and cyber threat intelligence to provide 24/7 protection against these attacks. And since founding in 2008, they’ve raised over $8.2 million, grown a client roster of top financial, technology, healthcare, retail and insurance companies, and been recognized by Deloitte’s Technology Fast 500™ and Inc. 5000 as one of the fastest-growing technology companies in the U.S.

So when we had a few questions about cybersecurity, we knew exactly who to call. Here, PhishLabs Founder & CTO John LaCour shares 4 must-knows about cybersecurity that will keep you — and your business — safe online.

1. The threat is real for everyone.

You may think your business or personal information is mundane. Why would someone even go through the trouble of hacking you? Well, that’s not the case for two big reasons. The first reason is that many cybercrime attacks aren’t very targeted. Picking specific targets takes effort and many cybercriminals are lazy. Instead, they cast a wide net to hoover up as much data and access as they can get.

Second, cybercriminals look at you in a very different light than you probably do. “One man’s trash is another’s treasure.” That personal webmail account of yours might seem low value to you, but it can be a goldmine for a cybercriminal. A compromised webmail account can be used to send spam or phishing emails to all of your contacts from someone they presumably trust. If you’re like most folks, chances are pretty high that you reuse your webmail password for other stuff. Those accounts are now compromised, too. And what other accounts do you have that use your webmail address for password resets? Getting into your webmail unlocks all of them. Or a cybercriminal could just sell your webmail credentials to other criminals online for a few bucks.

Here’s my point: Cyberattacks pose risk to everyone. It’s not a question of if you will be attacked, it’s a question of when.

2. What’s the most exploited cyber vulnerability? Check the mirror.

Cyberattacks in the real world are different than what you see on TV. Sure, there are vulnerabilities in software that are exploited by the bad guys. But by a wide margin, most cyberattacks involve tricking you – the user – into clicking a malicious link, opening an attachment, or otherwise doing the attacker’s bidding. It’s through phishing attacks that the most widely reported threats like Ransomware, Business Email Compromise, Trojans, etc. are deployed. Why? Because even though it’s still far from perfect, there are fewer holes in software that can be broadly exploited. People, on the other hand, can’t be patched. These days, it’s easier and more reliable to trick someone into infecting themselves instead of trying to find and exploit system vulnerabilities.

If you are a business leader, one of the most cost-effective and impactful ways you can defend against cyberattacks is to have a continuous and focused training program that conditions users to spot and report phishing attacks.

3. Don’t be a soft target.   

Whether you’re an individual or a business, there are plenty of steps you can take to become a harder target. This matters. A lot. Most cybercrime is motivated by profit. The harder attackers have to work to profit at your expense, the less likely it is you’ll become a victim of cybercrime. Said differently, don’t be a profitable target. A profitable target is one that takes little work to compromise. Password reuse is a great example of people making it easy for cybercriminals because it allows them to gain access to multiple accounts by stealing just one password. Using two factor authentication is a good way to make it harder for cybercriminals. Then they must get your username, password, AND the additional factor in order to compromise your account.

4. You cannot be too vigilant online.

Most cybercrime works by exploiting trust, urgency, the desire to gain some form of reward, and/or the need to avoid pain. This attachment is an invoice that must be paid TODAY!!!  Whoops, that was ransomware, not an invoice. Here’s a link to a cute kitten video!!! Seems harmless and fun! But now you’re infected with a Trojan that can hijack your online banking account. Be suspicious of anything online. If it’s too good to be true, it probably is. If it seems harmless, there’s a good chance it isn’t.

Think about it. If you have a truly urgent problem or opportunity you need help with, would you only rely on an email or Facebook message to get someone’s attention? Of course not. You would pick up the phone and call them, too. Or walk down to their office.

If you are having a difficult time figuring out whether something is legit or not, do what you can to verify its authenticity. Google the sender, the organization, the subject line, and any other message details. If it’s a common scam, search results will confirm that it’s not legit. Look up the organization’s contact info online (don’t rely on what’s in the message). Call the person or organization that is supposed to have sent the request. Find their official email address online and forward them the email. If it appears to come from someone you know or who works in your office, speak to them in person.

Want to learn more about how to protect yourself from cyber attacks like phishing? Check out PhishLabs Q2 2017 Phishing Trends & Intelligence Report here

John LaCour is the CTO of PhishLabs. Prior to founding PhishLabs, Mr. LaCour was the Director of AntiPhishing Solutions at MarkMonitor. He has also led security threat research and product development for companies like CheckPoint, RedSeal Networks, and NetScreen Technologies.