Every Organization Should Worry About Phishing

You might think that phishing is just a problem for consumer-oriented organizations, such as banks, eBay, or PayPal.

Wrong. It's a problem for everyone, because:

  • Your brand is damaged if consumers get defrauded by criminals pretending to be you. This isn't just an issue for banks, but for any organization that has an online presence, especially if you're involved in e-commerce.
  • What if your employees get phished? Criminals may use phishing techniques to fool your employees into providing access to your internal systems. While the recent attacks against ChoicePoint and LexisNexis weren't phishing attacks, your people need to be wary of phishers trying to steal proprietary or sensitive data from you.

Naturally, organizations need to educate their users about these threats. In the same way that users shouldn't give up the "keys to the kingdom" to someone on the phone who claims to be authorized, they shouldn't simply take people at their word in email.

There's a psychological problem here: the written word can appear to have more authority than the spoken word. Also, because email is a newer medium, people may let their guard down more in email than they would on the phone.

In summary: CIOs and messaging managers need to diligently promote critical judgment about privacy and protection of their digital assets.
