I have heard about two different Central Texas companies today that fell prey to a targeted phishing attack. Training is definitely part of the solution to this issue, but modern business communication technologies built in to tools like Office365 and Windows Server can enforce policies that prevent your organization from accidentally leaking sensitive information. These are usually not enabled by default.
What do you do after a breach has been discovered? The following are some helpful resources:
- FTC Page on how to respond to a data breach: https://lnkd.in/eFc3RjJ
- FTC page on how to handle an identity theft; very user-friendly and approachable: https://identitytheft.gov/
- Texas laws about identity theft and requirements for reporting. Punishments for failing to report can be as high as $50K fines per incident: https://lnkd.in/erWYSQA
This is serious stuff. Please don’t be a victim of this kind of crime. Prevention is much less painful than remediation.