While physical threats to your business and staff are easier to identify and protect by a security guard company, some threats can wreak havoc on your business without the perpetrator using a gun, knife, or crowbar.
Businesses of all sizes are the potential target of ongoing cyber-attacks launched by organizations and countries hostile to the USA and our allies. The costs to American businesses exceed $1.5 Million per data breach.
And, with ever greater numbers of employees working remotely from home, the risk of bad actors gaining entry into your IT systems is greatly increased. Not only is there a potential risk of data loss, demands for ransoms, and business interruption, but the legal and reputational costs can cripple a business.
We’ve identified the more common cyber security risks and frauds that businesses face and how to counter them. With this knowledge, you’ll learn how you can prepare and harden your computer systems against these attacks.
Phishing – pronounced “fishing,” is a form of online social engineering. Phishing attacks focus on stealing user data so that the attacker can either impersonate a member of staff or customer or obtain the login credentials for staff or clients.
The social engineering component of an incursion often occurs when the attacker masquerades as someone your staff or customer will trust.
They can do this via an email inquiry, filling in a form on your website, telephoning your business or home, or even making contact through instant messaging or text messages.
Any social media accounts you and your staff and customers have, generally provide large amounts of data, including contact emails, telephone numbers, friends, colleagues, acquaintances, and geographical information, as well as educational institutions, and professional organizations to which you may belong.
All of this data is used to build a profile of you and your business so that when contact is made, the attacker can provide enough information for you to trust them and lower your natural defenses.
Inform and Train Your Staff
Your first line of defense is to be aware of the threat.
In consultation with a cyber security expert, provide your staff with an approved IT procedural manual. This will point out the potential threats and what steps your staff must take to avoid exposing the business to potential risk.
Avoiding Suspicious Links
Once your staff is aware of the type of behavior and emails and messages to be aware of, they are less likely to click on malicious links that may lead to them downloading programs or code that can expose sensitive data such as usernames, passwords, and other access credentials.
The most common form of phishing attack occurs via email. Attackers will use trusted brand names such as Microsoft, Apple, banks, as well as government departments such as the IRS to attempt to gain access to your IT systems.
What to Do When Receiving a Suspicious Email or Message
So, what do you do when you get a message from the IRS telling you that your refund is disallowed, or that your Microsoft or Amazon account password is invalid or compromised and must be reset?
Don’t click on links in emails, unless you have verified through a telephone call or other means, that the message is legitimate.
If you are expecting a message from a particular company or entity, then all it takes is for you to contact them to find out if they sent you a message. If they say they did, then access their webpage or online form through a link that you type into your browser.
When hovering your mouse over links in emails, the URL will become visible, and you can verify that the link is indeed from the organization you expect. Just be aware that the last name before “.com” is the address at which the page resides.
If, for example, you receive a link like this:
You may very well find that the page it takes you to looks like an Amazon page. But the “.support123.ru” is a warning sign that the link is not from your friendly Amazon support person but rather from a potential Russian hacking group.
Despite the effort and time that hackers spend finding your details and attempting to hack into your computer, English is often not their first language.
What to Look for in Phishing Messages
Misuse of language can provide you with the first of many warning signs that the email or message is not legitimate.
Look for unusual misspellings in company names. Also, look carefully at the name of the person sending the email or message and note any inconsistencies within the body of the message.
Threats or Negative Consequences
Any email that contains a threatening tone or requires your urgent attention should be viewed with suspicion.
Be skeptical when an email or message demands that you act immediately or else face the consequences of a failure to respond quickly.
An Unusual Message Style
Depending on who sent you the message, their style should reflect the appropriate tone and language.
The content of the message should always be consistent with the relationship you have with the person. Phishing scams often hinge on gaining access to a trusted source. The scammer will then send you a message which appears to be from this trusted person, friend, colleague, or organization.
While antivirus software, firewalls, and regular software updates do help, you and your staff deserve the very best cybersecurity training to avoid becoming the cyber-terrorist’s next victim. Contact the cyber security experts at Advance On-Site Protection Security to help you protect your business today.
Categorised in: Security Experts
This post was written by admin