It seems innocuous enough. A simple email. Maybe it looks like it’s from someone you know; maybe it looks like it’s from an organization you interact with.

There’s a link, baiting you to click for what’s beyond. Or maybe there’s an attachment and it seems important enough to open to see what it’s about.

And then you do it. With a single click, a single download, you open the door for an attack. If you’re on a company computer or device, you may even put your entire agency at risk.

“The most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear phishing,” Homeland Security Security Jeh Johnson said recently while speaking at the Financial Crimes and Cybersecurity Symposium.

While phishing campaigns aren’t new tactics, attackers are now using phishing scams to launch an alarming number of ransomware attacks.

“A lot of people still aren’t clueing in to just how dangerous clicking links or accepting downloads from unknown sources can be,” Dave Low, director of Technology Solutions for GuidePoint Security, said.

Low was a recent presenter in a webinar with RSA that highlighted some of the many ways attackers compromise systems. He also discussed tools and strategies to keep your organization’s systems and data safe. Missed it? You can catch a recording here.

“While clicking links or downloading attachments from unknown sources can have monumental consequences on personal devices, the same behaviors on a device linked to a business or organization can wipe out an entire network, halting business, putting data at risk, and compromising reputations,” Low said.

That could be what happened to the San Francisco Municipal Transportation Agency (SFMTA) when its systems were infected by ransomware on Nov. 25. Malware encrypted the agency’s office computers and limited access to several systems.

The attack disrupted SFMTA operations, forcing the company to turn off ticket machines and open fare gates that weekend. Commuters got free transportation, but the agency ended up with a lot of headaches and extra work.

“The SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls,” Kristen Holland wrote in an SFMTA blog after the attack. “Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports — no data was accessed from any of our servers.”

Infected machines displayed the message, “you hacked, ALL data encrypted.” SFMTA was instructed to pay 100 bitcoin, about $73,000, to unlock their systems. Holland said SFMTA never considered payment and instead rallied around the clock to restore backups.

The SFMTA attack and other reports of agencies and individuals being locked out of systems following spear-phishing and ransomware attacks highlight the importance of maintaining backups and never clicking links or downloading files from unfamiliar sources, Low said.

GuidePoint can help you protect your organization’s environment and reduce your risks of attacks by analyzing your existing environment for possible vulnerabilities, and helping you build a customized information security plan to keep your systems and data safe. For more information, contact GuidePoint today at (877) 889-0132 or visit

About GuidePoint Security
GuidePoint Security LLC provides innovative and valuable cybersecurity solutions and expertise that enable organizations to successfully achieve their missions. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification is with the System for Award Management (SAM). Learn more at: