06 Apr Know your cyber threats – What are they?
Cyber security should be at the top of your list of concerns, because, whether your business has two employees or two hundred, you are still vulnerable. Cyber criminals see an opportunity and they go for it. Yes, of course they want the most return for their efforts but being a smaller business does not make you immune to their illicit activities.
Unfortunately, there is no way to guarantee that you are completely cyber safe, short of going back to a time before computers. That is not recommended: it would be like stepping back into the dark ages and would put your business well behind your rivals.
So, we have established we can’t just get rid of the problems posed by our tech, but we can make it as hard as possible for cyber criminals to successfully attack our systems.
Throughout this blog series we will explore the potential threats, why they are a concern to your business, and how to stop any attempted attacks in their tracks.
We will first delve deeper into the aspects of cyber security that centre on your ‘human firewall’ rather than on the management perspective.
The threats, why to worry, and how to stop them in their tracks
Phishing – What is it?
Phishing is a technique used by cyber criminals whereby they assume a false identity in order to acquire sensitive information from their targets, such as bank details or account passwords. Phishing is most strongly associated with emails but scammers typically use website links, text messages and phone calls, as well as emails, to perform Phishing scams.
Whatever the method used, the scammer is trying to fool the recipient into believing that the message is legitimate, comes from a legitimate source, and requires urgent attention – it might appear as a message from their employer, their bank, or another trusted source.
If the recipient is deceived, they may then proceed to open the email and release Malware contained in attachments, or – in the worst-case scenario – respond to the message and disclose sensitive information, account details, or passwords.
How to guard against Phishing attacks
It is surprisingly simple to avoid being stung by Phishing attacks if you know what to look out for. Here are a few ways to know whether a website, email, or link is from a legitimate source or not:
- Be wary of URL redirects. Verify the URL of the new site against that of the legitimate site.
- Don’t reply to an email that seems suspicious in any way, even if it appears to come from a trusted source. Instead, send a new email to the individual in question using contact information you previously held for them.
- Use privacy settings on social media to keep personal information hidden. Don’t make your address, phone number or even things like your friends list available to anyone.
- Verify the URLs carefully before clicking on links or submitting sensitive information. Often scammers will try to imitate legitimate sites closely, so this is something to pay particular attention to.
- Use anti-phishing software. These widely available software programs aim to prevent users from accessing malicious links and websites by activating pop-up warnings and preventing malicious emails from ever reaching you.
Phishing scammers rely solely on deception to rob users of their data. If something doesn’t feel right, ask before you act!
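The URL checks from the list above can also be automated. The following is an added example, not part of the original post: it compares a link's real hostname with an allowlist and flags the common imitation tricks. The trusted domain `bank.example`, the function names, and the last-two-labels shortcut for finding the registered domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains your business really uses.
TRUSTED = {"bank.example"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason) for a link found in a message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "suspicious", "not-https"
    if parts.username is not None:
        # In https://bank.example@login.test/ the real site is login.test.
        return "suspicious", "userinfo-before-host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "internationalised-host"
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "ok", "trusted-domain"
    if any((d + ".") in host for d in trusted):
        # Trusted name used as a mere subdomain of someone else's site.
        return "suspicious", "trusted-name-as-subdomain"
    # Assumption: the registered domain is the last two labels. Real code
    # should consult the Public Suffix List (e.g. for .co.uk).
    registered = ".".join(host.split(".")[-2:])
    if any(0 < edit_distance(registered, d) <= 2 for d in trusted):
        return "suspicious", "lookalike-spelling"
    return "unknown", "not-on-allowlist"

if __name__ == "__main__":
    # Constructed sample links using reserved .example/.test names.
    for link in ["https://online.bank.example/login",
                 "https://bank.example@login.test/",
                 "https://bank.example.login.test/",
                 "https://bamk.example/reset"]:
        print(link, "->", check_link(link))
```

An "unknown" verdict means only that the site is not on your allowlist; it still needs a human decision before anyone enters credentials.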
Ransomware – What is it?
Ransomware is a type of Malware that disables or encrypts files on your system so that the cyber criminal controlling it can extort money from their victims. They then promise to restore access if the money is paid.
Often cyber criminals use file encryption to force victims into paying the fee, and the files remain on the system but are encrypted. Cyber criminals will set time limits on payments and threaten to delete files if payment is not received.
Understandably, most business owners panic and pay the full fee as promptly as possible – but there is no guarantee that your data will be returned – they are criminals after all. Paying the fee not only doesn’t guarantee you your data back but also increases the chances that you’ll be targeted again, as the hackers then know you are willing and able to pay.
How to guard against Ransomware attacks
Ransomware has gradually become a big money-spinner for cyber criminals, due to its high success rate in terms of victims paying out. When it comes to Ransomware, prevention is certainly better than cure, because there is no cure: there is no way to guarantee that your systems won’t be attacked, or that the criminal won’t be successful. If you consider the following, you are putting the best preventative measures in place to keep your files out of the hands of unscrupulous hackers:
- Keep your system and software up-to-date. Cyber criminals will exploit weaknesses in out-of-date, poorly maintained software. This means keeping everything up-to-date, from your operating system to the individual programs you use as well as your anti-virus software.
- Take care with email attachments and embedded links. Don’t open any attachments or links unless you’re completely confident that they come from a legitimate source. As with Phishing, emails containing embedded Ransomware will often feature persuasive language so it’s always best to keep a cool head and proceed with caution.
- Use advanced threat protection. Use anti-malware security software from trusted vendors to safeguard your data. Employ more than just virus protection; look for threat protection suites that offer firewalls and back-up capabilities.
- Don’t pay! I can’t stress this enough. Yes, you may feel under enormous pressure to regain your files but payment is no guarantee that you’ll regain control. You’re dealing with criminals; there is every possibility that they will request further payment and even then, they may never return your files.
- Take advantage of Cloud services. Cloud services such as hosted storage limit the opportunities for Ransomware to gain entry into your system.
- Don’t enable macros! If an email attachment from an unknown source requires you to enable macros to view it, it’s best just to ignore it. The act of enabling macros itself will often infect your computer.
Vishing – What is it?
Vishing is very similar to Phishing; deception is the vessel on which the crime is committed. Vishing is performed using VoIP phone systems instead of emails and malicious links.
VoIP provides a certain level of anonymity, and fraudsters use this anonymity to their advantage. VoIP allows the use of features such as caller ID spoofing, which make it harder for authorities to track, locate, and bring them to justice. Landline telephone services, by contrast, allow numbers to be assigned to physical locations that are known to the phone companies and are therefore easily accessible to the authorities.
However, the methods of manipulation used are very similar to those used in Phishing scams. ‘Vishers’, like ‘Phishers’, use a sense of urgency, fear tactics, and emotional manipulation to force victims into sharing their sensitive information. A perception of legitimacy is also created using fake caller ID profiles and IVR (interactive voice response) systems.
How to guard against Vishing attacks
Phones have become a staple of our lives; we all receive calls on a daily basis. Most of the calls we receive are from legitimate sources, but it is essential we remain vigilant, especially if a caller asks enquiring questions or wants you to disclose identifying or account-specific information.
The following is a guide to ensure you don’t fall victim to Vishing fraudsters:
- Stay in control – Good scammers will have an answer for everything. If you’re unsure just hang up and get on with your day.
- Don’t give in to pressure – Be wary if the caller is using emotive language to create a sense of emergency or urgency.
- Ignore unknown numbers – Legitimate callers tend to leave messages, allowing you to reach out to them.
- Be aware – Know the techniques the scammers use and keep an ear out for warning signs.
If your users learn the threats that are used to specifically target them, it stands them in good stead to avoid being caught out by cyber criminals.
In the next and last blog in the series we will be taking a look at what you, as management, can do to protect your business from cyber attacks.
Keeping your team safe online – Grapevine
Are you concerned your systems are not cyber secure? Is your team properly educated on cyber security? Need some help? Grapevine can guide you to a future in which you no longer need to be concerned about the security of your digital landscape. Our years of experience ensure we are primed and ready with all the tools needed to ensure a top-quality service, now and into the future. Contact our team and let us start our journey together today.