The current landscape is replete with stories of intrusion into and hacking of computer systems, leading to the improper dissemination of proprietary or other types of protected information.
Most organizations try to block the unwanted intruder (hacker) from ever gaining access to their computer systems. A common method utilized by hackers is known as phishing, an e-mail fraud method in which the perpetrator sends out legitimate-looking e-mail in an attempt to get the unsuspecting victim to click on a particular link, oftentimes seeking private information. Clicking on that link may also allow malware/viruses to enter the unsuspecting victim’s computer system. So far, we see nothing new.
I recently read that there is a variant on the phishing scheme which comes into play when a company advertises that it is seeking to fill a position. In essence, it is inviting applicants to send resumes, which normally are, and in fact are expected to be, sent as e-mail attachments. The person tasked with hiring, oftentimes HR or, in smaller organizations, someone with admin responsibilities, receives a series of e-mails from would-be applicants. The attachment, however, can contain malware which would not necessarily be detected.
Frankly, I found this situation to be alarming because the general rule of “don’t open e-mails or attachments from people you don’t know” realistically falls by the wayside. In fact, the refrain “you really should have known better” also falls by the wayside.
How many people has your organization hired by placing ads on websites and then sifting through the e-mail responses?
Running antivirus software and keeping current on software patches are an obvious first step.
Internal firewalls with dual-factor authentication may be the next step.