ERP Cybersecurity: Stop Phishing Before You Get Caught in the Net!
It’s essential to consider ERP security when thinking about remote workers. After all, your entire team may be logging into the ERP system from home. Their computers may be shared by multiple family members, and their networks may be unsecured. Is this a danger to your ERP system and your company’s data?
Perhaps, but the danger is small. The real threat comes from the rise of a type of cybercrime called phishing scams.
Everyone Is Vulnerable
Nearly all companies are vulnerable to well-planned phishing attacks. Employees respond to the same psychological cues, whether they’re logging into their work or personal email. But the stakes are higher. A corporate phishing scam may cause direct financial loss, customer data breaches, bad publicity, or intellectual property theft.
Every company is vulnerable to a phishing attack. Therefore, it makes sense to plan and train against them. Forewarned is forearmed.
Phishing Attacks Defined
Unlike a direct assault on a system, a phishing attack tries to trick users into divulging usernames and passwords. The attack can come via an email, a social media message, or a phone call.
For Internet criminals to successfully “phish” your personal information, they must get you to a fraudulent website. Phishing emails almost always tell you to click on a link that takes you to where your personal information—such as credit card number, social security number, account number, or password—is collected. Legitimate organizations would never request this information via email.
Phishers rely upon visual cues like logos in a company’s email to trick people into clicking links. For example, they may send an invoice to a company using a well-known third-party payment vendor’s logo. If the company receives many invoices this way, it might go undetected. A member of the accounting department clicks the link, enters payment information, and voilà—the phishers have a way into the organization through the accounting person’s email address and data provided.
According to a security researcher, from just one email scam, there were two thousand victims of this type of phishing attack. (Read more in this New York Times article.)
Types of phishing:
- DNS-based phishing compromises your host files or domain names and directs your customers to a false webpage to enter their personal information or payment details.
- Content-injection phishing adds code or images to your website to capture personal information from your staff and customers. This may include login details. This type of phishing often targets individuals that use the same password across different websites.
- Man-in-the-middle phishing involves criminals placing themselves between your company’s website and your customer. This allows them to capture all the information your customer enters, such as personal information and credit card details.
- Telephone phishing is attempting to obtain company information over the phone by impersonating a known entity such as a company vendor or IT department.
- Email phishing includes several different ways to get employees or customers to click on a false link:
- Embedding a link in an email that redirects your employee to an unsecured website that requests sensitive information.
- Installing a Trojan via a malicious email attachment or ad, allowing the intruder to exploit loopholes and obtain sensitive information.
- Spoofing the sender’s address in an email to appear as a reputable source and request sensitive information.
ERP Cybersecurity: Protecting Against Phishing
ERP cybersecurity is generally very high. Most ERP companies take great care to secure their customer’s corporate data against cyber-attacks.
Phishing isn’t something your ERP vendor can protect against. Combating phishing begins with your employees. They must be vigilant to phishing emails and schemes and cautious about clicking links in emails.
Training is an integral part of preventing phishing attacks. Employees need to know what to look for to avoid the traps set by phishers.
ERP cybercrime exists, but the real threat lies within your company: it’s your employees. They make mistakes. But just one mistaken click in an email can send your company into a nightmarish battle against phishers. Prevention is the key to keeping cybercriminals away from your company.
Mindover Software provides ERP software consulting, training, and implementation. For more information, please, contact us or call 512-990-3994.