RALEIGH, North Carolina — Cyber attacks have become more and more of a problem for companies, big and small, all around the world.
One way is to test employees’ cybersafety knowledge.
WakeMed is a business which is responsible for keeping scores of medical records safe. Plus, like so many companies, it has computer systems which — if they were hacked — could disrupt everything they do.
“I can’t think of anything more obtrusive or sensitive than someone’s personal health history, and protecting that is so important,” said WakeMed chief information officer Peter Marks.
Recently, the hospital sent out phishing email to its employees disguised as an offer for a Christmas gift to see how many would click an unknown link.
“They are predicated upon normal attacks that happen not just in our organization but in every organization,” Marks said.
Those who fell for the ploy received a letter telling them they were phished and need to attend training.
“We’ve done maybe eight or nine of these on a bimonthly basis,” Marks said.
He said it’s had an effect on reducing the numbers employees who fall for these social engineering ploys.
“The numbers have been consistently coming down, but we’re not to the point where we think we’ve lowered the risk enough,” Marks said.
CBS 17 has reported on similar problems before.
“The biggest trend right now is phishing scams where someone pretends to be someone else,” said Assistant Attorney General Hugh Harris. He spends a lot of his time educating the public about cybersecurity issues.
Last December, Harris was the keynote speaker at a seminar for small owners who learned about cyber attacks.
The seminar was run by the Raleigh-based Managed IT Solutions, whose CEO said small business owners are increasingly becoming the targets of cyber criminals.
“Mainly it’s because they are easy targets,” said Rob Downs. “Most don’t believe they are a target, so they don’t take preventative steps they need to do to make themselves less of a target.”
For big businesses like WakeMed, the challenge is trying to keep one step ahead of the bad guys.
“We also look at a lot of cybersecurity info to find out what are the latest phishing attacks we can expect and we mirror those attacks," Marks said.
The hospital said its aim is not to punish, but to educate employees.
Something else people need to think about is their own cyber safety. Because so many people use the same passwords at work and for their own personal accounts, getting hacked at work can give access to personal information, as well.