Blog

November 2nd, 2009

I am often asked: What is the most challenging threat I face on a daily basis? I would have to say that it is educating people on the various methods of social engineering and the impact they can have on your life. I think this comes from the fact that people just want to believe in other people and do not want to see the potential for something bad. These “Phishing” scams have only one purpose: they are used to get your information and then use that information to their advantage (and your disadvantage).

Why is this so difficult? Because it is an ever-changing target, as the people who run these scams change their tactics on a daily basis. So it is best to learn the tactics they use so you will be better able to recognize them and avoid becoming a victim.

We can protect the computers and the network with all of the whiz-bang techniques, but it all fails if you say yes to one phishing email.

The following facts were taken from the SonicWALL Phishing and Spam IQ site. Please take the quiz at the SonicWALL Phishing and Spam IQ web site, and don’t forget to let me know how you did.

Phishing Facts

  • $886 – The average dollar loss per Phishing Victim (Gartner, Dec 17, 2007)
  • $3.6 Billion – The total dollar loss of all phishing victims over a 1 year period (Gartner, Dec 17, 2007)
  • 3.2 Million – The number of people who fell victim to phishing scams over that same 1 year period (Gartner, Dec 17, 2007)
  • 8.5 Billion – The estimated number of phishing emails sent world-wide each month (SonicWALL, 2008)
  • 32,414 – The number of phishing web sites that were operational in May 2008 (Anti-Phishing Working Group)

Phishing IQ Facts

  • 1,012,000 - The number of people who have taken the Phishing IQ Test worldwide
  • 7.4% - The percentage of test takers who get 100% by answering all 10 questions correctly
  • 86% - The percentage of phishing e-mails that are identified as “phish” by the test takers
  • 57% - The percentage of legitimate e-mails that are identified as “legitimate” by the test takers

 

How do you protect yourself from phishing attacks? By educating yourself on the phishing warning signs and then deleting the email you suspect of phishing.

October 26th, 2009

A presidential advisory group made up of leading scientists has warned of possible absentee rates of 30% to 50% for an unknown duration. What should you be doing to protect your business? Evaluate your business continuity and contingency plans to discover the impact of possible mass absenteeism. A few basic guidelines should help you customize your existing business continuity plan for this kind of disaster, in which absenteeism and uncertainty of duration are the primary factors. Experts at the Disaster Recovery Institute International suggest the following:

Staff absenteeism could be as high as 40%:

Absenteeism is the issue to focus on for H1N1 flu, and as such you should be planning for workarounds in case of 40% workforce absenteeism. You need to focus on both organizing staff and enabling remote access for the greatest number of employees, who will need to stay home if their children get sick or there is an outbreak at the office. Identify and cross-train your staff. Designate which personnel/roles are critical to the operations of the company; these staff members should be placed on the list to receive preventive and reactive medicines in case of an outbreak.

Staff may be uncertain what rules and plans are in place during the H1N1 outbreak:

Communicate the plan/policy regarding what to do if you or a household member gets sick and specifics about where to find updated information. Most companies will want to encourage people who are sick or have been exposed to the H1N1 virus to stay home.

Identify how suppliers will be affected to determine the impact on your organization:

Set up your communication strategy with suppliers now to stay apprised of the impact of the pandemic on their organizations. Find out now how your organization’s service levels would be affected by absenteeism at your suppliers.

Steps you can take to aid in the preparation of your business for the H1N1 Flu:

  • Test your remote access procedures, document them, and train employees on how to use remote access. Absenteeism doesn’t necessarily translate to non-working personnel in most cases. Employees need to access corporate systems remotely, and the remote access systems need to be prepared to handle an increased volume of users for those users to be productive.
  • Work with telecom providers to make sure their organizations have enough bandwidth in place and stipulate that service levels be maintained during a potential H1N1 outbreak.
  • Assist with identifying opportunities for the cross training of staff.

With a little planning up front, you can minimize the impact the H1N1 flu will have on your organization. Remember, it will be too late to start planning once the flu hits your organization (at that point all you can do is react to it). Start planning today.