Your Agency Is Phish Food

Your Agency Is Phish Food
For ice cream aficionados, “Phish Food” is the familiar name of a Ben and Jerry’s ice cream flavor which includes chocolate ice cream with gooey marshmallow swirls, caramel swirls, and fudge fish. Phish itself is a “jam band” featuring many different genres of music with extended improvisation and instrumentals. In the compliance space however, the term “phishing” takes on a much more sinister and less enjoyable meaning.
Generally speaking, phishing is a form of social engineering, which looks to take advantage of human psychology and, in particular, looks to create a sense of fear or
urgency to manipulate a user into divulging confidential information. Frequently, phishing takes the form of an email or text message, which seeks to prod a victim into revealing confidential information.
Unfortunately, your agency is a prime target. Read on to learn more about phishing and how to prevent it from undoing years of hard work.
Gone Phishing
One example of phishing is an email from an online service advising of a security alert requiring an immediate password change with a link to do so. The linked site looks identical to a legitimate site. When the link is clicked, the unsuspecting users enter their current credentials and new password. These items are then sent to the hacker, who will use them to hack into the company for whom the employee works. What many employers may not realize is that their own employees can create significant liability risk when they are not properly educated and trained to combat this insidious form of cyberattack.
Consider the following scenario: You are the CEO of your company and an employee in your payroll department receives a phishing email which appears to come from you asking for W-2 forms and payroll information of all current and former employees. Of course, you did not send that email. That email was sent by a phishing hacker. However, when your employee divulged all this confidential information to hackers, the net result was that an extremely costly class-action lawsuit was filed against your company for this data breach.
This scenario, or some similar variation, has been successfully deployed by hackers in several cases. Even Snapchat has reported that this type of phishing attack was successfully used against them. According to a 2017 IBM study the average cost of a data breach is $3.62 million!
Typical claims which are asserted against companies in these data breach cases, caused by employees, are for negligence in failing to train employees in data security, failing to maintain and update firewalls and phishing prevention software, and failing to maintain retention, safeguarding, and destruction protocols and policies and procedures for nonpublic personal information, including dates of birth, Social Security numbers, and bank account information, all of which can be gleaned from payroll records, among other sources.
Protect Yourself
What can be done to combat this threat? Well for starters, your payroll department should be instructed, in no uncertain terms, that they are not to divulge any payroll information without first having a face-to-face conversation with the CEO of the company!
More important, however, is the concept of having a compliance system in place to set expectations and policy on data security, training your employees, audit and, in regard to social engineering attacks like the phishing attack described above, to recognize the appeal to human psychology — typically using fear or greed to motivate security compromising conduct.
So the takeaway here is that data breaches and cybersecurity will continue to represent a growing threat to each and every business in America. As Equifax and other hacking targets continue to occupy the headlines, increased regulatory scrutiny will be focused on company responsibility for data security, company response timelines to data breaches, and the cost and remedies which companies should pay for regarding consumers whose NPI has been leaked. Remember, those affected could be at risk for the rest of their lifetimes!
While we can unequivocally recommend enjoying a pint of Phish Food while kicking back and listening to your favorite tunes, a much less relaxed approach is required to prevent your company from becoming tomorrow’s news headline regarding a data security/breach or phishing event.
DISCLAIMER: Content provided in this article is intended for informational purposes only and should not be construed as legal advice and should not be relied upon or acted upon without you retaining counsel to provide specific legal advice based upon your particular situation, jurisdiction and circumstances. No duties are assumed, intended or created by this communication. No attorney- client relationship is being created by your review or use of this material. ©2018 Robert J. Wilson
More Product & Technology

Cyber F&I
Your dealer clients could only benefit from showcasing products on their websites along with vehicle inventory. Modern consumers expect to be informed and are more likely to buy products when they are.
Read More →
Road Glare to Drop a Notch?
Audi is preparing two SUV models for the American market with the automaker’s adaptive LED headlights. Its technology is designed to reduce brightness for other drivers, a growing complaint among U.S. motorists.
Read More →
AppOne Partners With RouteOne for E-Contracting Solution
By digitizing the entire contracting and funding process, the company says auto dealers can eliminate frustrating and disorganized manual processes.
Read More →
Senators Propose Chinese Connected Car Ban
Just weeks before President Trump is set to meet with the Chinese president, two U.S. senators proposed a bill with the aim of protecting Americans’ data.
Read More →
Subaru Upgrades Safety Tech
Amid increasing regulation and consumer demand, the automaker has partnered with Infineon to update its advanced driver-assistance systems with the aim of greater safety and security.
Read More →
AAMS Training and Mosaic Compliance Services Merge
The strategic combination is intended to expand technology-driven compliance solutions for the automotive industry.
Read More →
Dealership AI Use on the Rise
The most common artificial intelligence applications in automotive retail include customer communications, scheduling, reporting, marketing content and handling of online leads.
Read More →
Auto Software Collaboration Grows
More OEMs and U.S. auto parts makers joined the global initiative to leverage open-source software development for greater efficiencies and vehicle innovations.
Read More →
In-Vehicle AI Predicted to Spike
Frost & Sullivan expects a $238 billion market opportunity for the technology in automobiles by 2030 as AI applications shift to more mass-market applications.
Read More →
What to Do When Your Vendor Is Hacked
The quickest way to turn a breach into a crisis is to wing it. Follow this seven-step playbook to ensure you meet your obligations.
Read More →