In the fall of 2013, a manager at a company that operates heating and cooling systems received an email from his IT department asking him to verify his Windows ID and password. Without thinking about it, he provided the information and went on with his day. What he did not know was that the email he answered was not from his IT department, but rather from hackers. Weeks later, by exploiting other vulnerabilities, those hackers had compromised one of that company’s clients and gained access to millions of credit card records. You know this as the “Target breach.”
All of that loss was caused by one person’s inability to recognize a social engineering attack. Would you know what a fake email would look like if it came to your inbox? A few years back I was trying to order a $5 trinket online when the payment information page gave me a weird error message. A week later, I found $900 worth of unauthorized charges on my account; that error message occurred because hackers had hijacked that Web page. I didn’t catch it, and I was an IT manager.
How secure is your environment? Have you evaluated all of your technical controls as well as your staff’s information security knowledge? Wipfli offers a full suite of IT and cybersecurity services, including perimeter vulnerability assessments to test your firewalls, internal vulnerability scans to ensure your systems are properly patched, IT examinations to ensure your policies and procedures are properly developed and are being properly executed, and social engineering tests to see how effective your employee training programs are. We are here to help.