Posted: No Phishing
8 Emory Corporate Governance and Accountability Review 39 (2021)
37 Pages Posted: 31 Mar 2020 Last revised: 13 Jun 2021
Date Written: March 6, 2020
Abstract
Any engineering approach to cybersecurity must recognize that many breaches are the result of human behavior, rather that sophisticated malware. Effective cybersecurity defenses require a systematic engineering approach that recognizes the organizational, cultural and psychological barriers to effectively dealing with this problem. The U.S. Securities and Exchange Commission (SEC) defines “phishing” as, “the use of fraudulent emails and copy-cat websites to trick you into revealing valuable personal information ̶ such as account numbers for banking, securities, mortgage, or credit accounts, your social security numbers, and the login IDs and passwords you use when accessing online financial service providers.” Once this information is fraudulently obtained, it may be used to steal your identity, money, or both.
A review of the literature reveals an alarming lack of attention to the prevalent threat of low-technology, or low-complexity phishing attacks. Accordingly, here is a primer on the prominent exploit known as phishing, illustration of several cases, and the necessity for organizational and societal education of data users as to appropriate computer hygiene.
Keywords: computer hygiene, congressional oversight, constitutional law, corporate governance, crisis, cyber security, data mining, Definers, duties of loyalty and care, ethics, Facebook, fake news, FTC, Google, GozNym, hacking, Internet, national security, Ormerod-Trautman Cybersecurity Model
JEL Classification: D72, D74, G32, G34, J15, K00, K10, K11, K12, K13, K20, K36, K49, L82, L86, M3, M31, M37, M38, N32
Suggested Citation: Suggested Citation