Reiko Feaver, a partner in Culhane Meadows’ Atlanta office, was recently interviewed by Katalyst Technologies for an article about responding to phishing scams.
Here are some excerpts from Reiko’s interview:
“It really has to be something that you remind your employees of on a daily, weekly, very frequent basis,” says Reiko Feaver, a Certified Information Privacy Professional and Partner at Culhane Meadows PLLC. “Hackers will do the easiest thing that they can do, and the easiest thing they can do is make something look really inviting…they exploit human nature. That’s hard to avoid. You’ve got to just be suspicious.”
Now for the bigger question: what should employees do if they suspect they’ve already clicked on a scam message and potentially made information vulnerable? The first step is to report it: the faster the situation is dealt with, the more minimal the damage. If you’re even the slightest bit uncertain, the “better safe than sorry” mindset is the way to go.
“If you’re embarrassed because you thought you did something that you shouldn’t do, and you knew you shouldn’t have done it and you don’t want to tell anybody, and it doesn’t look like anything happened, in reality, something might have happened,” says Feaver. “It’s not the whole ransomware thing anymore where all of a sudden your screen goes black and you can’t do anything. They [could have] put a keylogger on there, or they put malware, and it’s running in the back and it doesn’t look like anything happened. And if you don’t tell your IT folks, then it’s just sitting there.”
The complete article can be found here.