Introduction

Recent figures suggest that breaches in digital information have grown more than 300% since last year, and today phishing is leading practice of hackers and cyber criminals. Individually we must be proactive. We must educate ourselves on the threats that are, in a sense, inevitable. In both a corporate and personal environment, simple and consistent practices can be the most valuable.

Every day, around the world copious amounts of data and intellectual property are stolen and exploited. The vast majority of us will be targeted at some point in our professional life – more than once – especially those who are involved in the development or maintenance in critical infrastructure.

What follows is a short overview of the common tactics that are used in stealing data from companies and individuals, as well as simple and effective tips in protecting yourself from them.

PHISHING – Don't Get Hooked!

''Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details for malicious reasons, by masquerading as a trustworthy entity in electronic communication. Spear-phishing is when specific individuals are targeted within a company, and tailored emails are created and sent to them. Attackers may gather personal information about their target to increase their probability of success. This technique is by far the most successful on the internet today, accounting for 91% of attacks'' WIKIPEDIA

On a corporate level, safeguards are put in place to reduce the amount of spam and phishing emails received. However, there will always be a number of emails that find their way through the safeguards and firewalls, forcing the end users (employees) to act as final safeguards themselves.

As an example: an employee receives an email from an unknown sender, requesting for an immediate reply due to ‘suspicious’ activity with their account. Therefore, the request would be for the specific financial information to ''resolve the situation.''

The email will be structured to create concern about the suspicious activity and distract the recipient from the sender themselves. Be particularly vigilant if you receive and email claiming consequences, or rewards, with/without an immediate response. Four red flag examples of phishing emails are as follows:

Very generic greeting or introduction – “Dear sir/madam”
Generic email address – “@quickbooks.com”
Vague context requesting immediate attention
Misspelled words and/or foreign characters

Depending on the intent of the sender, phishing emails may contain an attached file or link infected with malware. If you sense that an email is phishy, Do Not click on the link or attachment.

Targeted spearphishing emails are even more difficult to identify. Social media channels have widened the playing field and given hackers access to very specific personal information via Twitter, Facebook and LinkedIn. With that being said, if you receive a message that is personalized but feels at all suspicious, even slightly, take a few moments to re-read and re-evaluate the message. If it’s difficult to determine the sincerity of the message, it may be best to contact a friend or colleague for a second opinion.

Are you enjoying this article?? Follow us on LinkedIn.

Mind Your Passwords

The list of passwords we’re meant to remember gets longer each week. Bank accounts, credit card companies, company related safeguards – the list goes on and on. Although it’s convenient to use one password for multiple accounts, you put yourself in a very risky situation in doing so. This is why:

If just one account has a weak security system and it is breached, the hacker can use simple logic or an algorithm to uncover other accounts that belong to you. Then, the hacker will simply use that same password, or short variations of it, to access your most valuable accounts (e.g. bank accounts, credit cards, personal email, etc.)

A simple and effective strategy to avoid this situation is to create strong and unique passwords for each account; and use a password tool to store each password safety. A password tool eliminates the need to remember your passwords. The tool that my colleagues and I currently use is Password Safe, originally developed by Bruce Schneier, who is well-known in the world of security and cryptology. The tool enables you to copy a specific password from the tool directly to the password field on the respective webpage without ever seeing the password characters. Secure, reliable, quick and convenient.

The true benefit in utilizing a password tool is the ability to create strong and unique passwords without the need to memorize them. It’s much safer to have a strong password and change it once every quarter, than to create simple passwords and change them every month.

Today there are dozens of password keepers on the market. Fully customized options for your PC, laptop, tablet and smartphone at little-to-no cost. A list of the top-rated paid password managers can be found at PCMag.com.

SUMMARY

Several large companies have experienced security breaches in recent years which have been broadcast worldwide. From the standpoint of a corporation, the damage is vast and detrimental as it is not just the loss of data, money and information that companies need to worry about, but also the negative publicity and tarnished reputation that follows. A perfect example of this can be read in this issue of The Japan Times - link.

Protecting personal data and intellectual property is a top priority in today’s digital world. Security breaches and cyber-attacks are prevalent now, more than ever. Do yourself and your company a favor and be aware; take simple and effective steps to protect your personal and corporate information properly. Cheers!

Additional information:

Many sites offering information on phishing can me a scam. I have included two legitimate resources below for those who would like to learn more:

Homeland security information website: http://www.stopthinkconnect.org/

Anti-phishing working group: http://apwg.org/

Do you have a question about this article?? Please CONTACT US.

Apr 18, 2024

Oil & Gas Operations and Decision-Making in the Cloud Era

Recently, KBC launched the Acuity Industrial Cloud Suite, consolidating its simulation software solutions. It aligns with KBC's portfolio to address challenges in energy transition, process optimization, value chain optimization, and asset management. For insights, we interviewed Rolando Gabarron, a senior consultant in product management.

Apr 2, 2024

Behind the scenes of Pioneers: Pursuing objectives while also focusing on personal growth with Esmeralda Roxas

In the dynamic landscape of professional careers, the journey of growth and adaptation of Esmeralda Roxas at Yokogawa stands out. From her humble beginnings in system sales engineering for upstream oil and gas to her current role in network security, her trajectory is a testament to resilience, proactivity, and a thirst for knowledge.

Dec 21, 2023

The Necessity of Converged IT/OT SOC in Strengthening Cybersecurity for Today's Industrial Landscape

In the rapidly advancing technological landscape, industrial organizations face escalating cyber threats. To fortify cybersecurity, embracing a Converged IT/OT SOC is imperative. Yokogawa's cloud-based IT/OT SOC service provides a holistic defense, offering integrated visibility, proactive measures, and real-time monitoring. As cyber threats evolve, businesses can stay ahead with Yokogawa, safeguarding operations effectively in the cybersecurity race.

Dec 19, 2023

Yokogawa Recognised as a ‘Leader’ in Verdantix Green Quadrant for Process Safety Software 2023

Yokogawa has been acknowledged as a key software platform provider in the Green Quadrant report published by Verdantix and achieved the title of a 'Leader' in Process Safety Management. This recognition stands as a great achievement for Yokogawa, showcasing excellent performance in areas such as Control of Work, Mobile, Platform Interoperability, Integration, and Sustainability, including ESG considerations, among other notable areas.

Dec 18, 2023

Behind the scenes of Pioneers: Mahalakshmi R, Deputy Head, Yokogawa India Service: A Trailblazer in Leadership and Career Success at Yokogawa

In a recent interview, Mahalakshmi, Deputy Head at Yokogawa India Service, revealed her remarkable 28-year journey with the company. A leader in training and customer service, she has driven innovative projects and fostered a culture of success. Let's explore the key elements that have defined her leadership and career at Yokogawa.

Nov 30, 2023

Optimizing Energy Efficiency for Industrial Enterprise Buildings & Offices

Explore Yokogawa's EEMS revolutionizing energy efficiency in industrial buildings, recognizing their substantial impact on global energy consumption and CO2 emissions. This blog delves into EEMS's digital prowess for optimizing energy dynamics through real-time monitoring and a centralized platform. Uncover insights into smart meters, sensors, and communication protocol challenges and solutions.

Oct 2, 2023

Enhancing Energy Security Unveils the Power of Convergence and Yokogawa's Cybersecurity Program

In an age of looming cyber threats, the energy sector's vulnerability is glaring. Embracing IT-OT convergence is vital to combat these risks. Explore the benefits, challenges, and the pivotal role of Yokogawa's cybersecurity program in safeguarding energy systems against cyber threats. Discover more in our enlightening infographic, here: Access the infographic. Convergence merges security aspects for a unified defense, yet poses new risks. The Colonial Pipeline incident highlighted the cascading impact of IT breaches on OT systems. Yokogawa's comprehensive cybersecurity program addresses these challenges, offering tailored solutions, risk assessment, layered defense, monitoring, and employee education. Join us in fortifying cybersecurity posture.

Digital Solutions Blog

Quick Tips on Information Protection and Security

Introduction

PHISHING – Don't Get Hooked!

Mind Your Passwords

SUMMARY

Looking for more information？

Yokogawa Digital Solutions

Contact us