As we near the end of 2020, we see fresh opportunities for carefully crafted phishing campaigns. The coronavirus vaccine has spurred a few of its own, and that is on top of the already heavy flood of holiday phishing attempts. From fake Christmas parties to gift card offers from your favorite retailers, the attempts to infiltrate your network are steadily pouring in. That fake link or the attached file may be what brings your operations to a crashing halt. As we have seen recently, no person, organization, or industry is immune. Transportation is a prime target as it impacts the infrastructure of so many other industries. If we want to “keep on truckin’,” then we need to protect more than just our rigs.
IT security professionals work diligently to reduce the exposure of corporate assets to cybercriminals. These methods range from the simplicity of locking workstations while an employee is away from their desk, to utilizing artificial intelligence that interprets internet traffic anomalies. Following a commonsense approach to information security can significantly reduce the potential for loss due to cybercrime.
Just like securing your load and overnighting in a safe location, we need to be aware of our cyber surroundings and guard against those threats as well.
Protect your Personal Information
If it looks too good, or bad, to be true, then it probably is. Not long ago, my wife found a link on social media offering substantial discounts on Little Tikes toys and playscapes. The link took you to a website which looked very real. Being cautious, she asked me to look at it to see if I felt it was legitimate. The excitement of seeing those deep discounts, in time to get Christmas shopping started early, almost overtook my senses. The URL was not secure, nor was it what I would expect the Little Tikes website domain to be. As it may still have been an affiliate, or a liquidator, I contacted Little Tikes directly and spoke with them about the site. They quickly informed me that it was most certainly not legitimate, and they were working to take it down. It’s not hard to produce a website and make it look almost identical to another. How many people entered their credit card information hoping to score a great deal on that present for little Suzie? How many accounts were wiped clean because a deal seemed too good to be true?
Here are a few questions to ask yourself in these scenarios:
- Do I know who it comes from?
- Does the name match the email address or website?
- Is the subject out of character for the sender/caller?
- Am I expecting this?
- Does the destination match the content?
- If it’s a website, is it secure (https)?
If you are unsure about any of these questions, call and verify that it is in fact not a threat actor. When in doubt, do not click or respond. Remember to always look at the details.
Protect your Applications
Software patches and updates are constantly being developed and distributed. Developers have the best of intentions in making their products as secure as possible. They spend innumerable hours testing their software looking for gaps, and threat actors will spend even more time looking for ways to circumvent all the safeguards that have been put in place. It is critical to keep these applications up to date in order to close whatever holes the developers have discovered.
Protect your Endpoints
An endpoint is anything used to run applications or to access data. The two most common endpoints are laptops and mobile phones. Not only is it vitally important to take the necessary steps to physically secure your mobile phone and laptop but it is also important to update the operating systems of endpoints. Sometimes, cybercriminals may want access to your mobile device simply to gain access to corporate and personal contacts that they will then use in spam and spear-phishing campaigns against corporate executives in order to gain better access to more restricted resources. A phishing email may be used to entice a user to open a link, which then downloads software onto their computer. That software then begins seeking new targets and hopes to gain access to more secured devices such as servers. Software designed to protect against this malicious software is crucial to not only protect the endpoint, but the myriad of devices it is connected to.
Safety for Pegasus’ Stakeholders
In addition to protecting yourself through these protective measures, we at Pegasus aim for the highest level of security on a daily basis. We are heavily invested in tools, programs, and talent to ensure your safety and security and that of all our stakeholders, despite the threats all around. Although you can’t stop cybercriminals from coming after you, by utilizing these methods and trusting in Pegasus and our team of experts, you can rest assured your safety and security is guarded.