One of the quick hits from the Symantec Internet Threat Report, relayed to me by the Symantec spokesperson, was that “hackers are now spending less time attacking holes in your system and more time attacking holes in your judgment.” In other words, they’re trying to trick you rather than trick your computer.
That’s why so many more phishing attacks are hitting your inbox. The least secure part of every network, the user, will spill secrets faster than any computer. Well, not technically faster, because the computer can transfer megabytes per minute. However, users who ignore their own security guidelines, and advice from every security voice in the technical press, will spout secrets sooner than hackers can overflow a buffer.
Regard every e-mail from someone you don’t know as a pitch from a con artist. Every e-mail a ruse. Every e-mail lies wrapped in a pretty box of deceit. That will make you almost paranoid enough to keep your systems safe.
Designate one person in your company to review all suspicious e-mail. Train users to forward to that person every e-mail that smells phishy and claims to be from your bank, credit card company, or suppliers. Train that person to recognize phishing attempts, and make sure their computer has more virus and spyware protection than most.
Don’t be soft-headed and let your secrets leak out.