HackerWhen someone mentions online security, one of the first things you might think about is the need to create long and complicated passwords for all of your accounts. Unfortunately, you need a lot more than strong passwords to keep your business safe. Hackers are turning away from cracking passwords, and they’re using even sneakier methods to gain access to personal information online.

Scams called phishing attacks can trick you or your employees into opening the door for hackers. These devious plots are usually launched over email, but can also come as instant messages or even social media posts. Generally the message will contain a tempting headline, such as “You won’t believe this photo!”, which makes the receiver curious to open the email or click on a link. Once the victim takes the bait and clicks the link, spyware is installed on the computer that allows hackers access to all sorts of personal information via a back door scenario.

Alternately, the linked website may look very official, representing a bank or some other business. The email may come with a request to reset passwords for security purposes, and once the passwords are entered the victim has basically just given them away.

In short, it’s as if hackers have figured out that it’s easier to trick someone into opening a locked door than to waste time searching for the key.

Spear phishing attacks involve the same tricks, but they’re aimed at undermining the security of a particular business. Because they’re targeted so specifically, these attacks can be much more difficult to detect and avoid. The emails received in spear phishing attacks look very official and are even addressed to specific individuals within the company.

So how do you keep your company safe? Remember, complicated passwords won’t help if your employees unwittingly give them away, or if spyware infects your computers. This issue underscores the importance of keeping all anti-virus, anti-malware, and anti-spam programs up to date.  The broadest level of protection available comes in the form of a Unified Threat Management (UTM) firewall like Fortigate, which conveniently provides protection on multiple levels. Also be sure that the latest security patches are always installed immediately for vital software programs. Finally, education is key, so make sure your employees are well informed about spear phishing and know how to recognize and prevent attacks.