As unfortunate as it is, cyber security is now firmly at the top of our list of business concerns – regardless of the size of your organization, you are vulnerable. Cyber criminals see opportunity and pounce on it. Being a smaller business does by no means put you under the radar.
You cannot guarantee cyber security and anyone claiming they can is lying, but you can do the next best thing – make it as hard as possible for cyber criminals to successfully attack your systems.
Throughout this article, we will highlight some of the methods that cyber criminals use to attack and what you can do about it.
We have explored Phishing scams in one of our previous articles, but it’s worth repeating – it is one of the most common forms of cyber attack. Phishing scams are a technique used by cyber criminals whereby they assume a false identity in order to acquire sensitive information from their targets. Phishing scams usually take place via email, typically using website links, but can also come via text messages and phone calls.
The aim of the scammer is to fool you – the recipient – into believing that the message is from a legitimate source, contains legitimate information or instruction, and that it needs urgent attention. It may appear as a message from your employer, bank, colleague, or another trusted source.
If the rouse is successful, the recipient may then open the email and release malware, or in an even worse case scenario – respond to the message under the illusion they can trust the sender and inadvertently disclose sensitive information, account details, or passwords to the criminals.
How to guard against phishing attacks
It is surprisingly simple to avoid being stung by phishing attacks if you know what to look out for. Here are a few ways to know whether a website, email, or link is from a legitimate source or not:
- Be wary of URL redirects. Verify the URL of the new site against that of the legitimate site.
- If you have any suspicions about an email, DO NOT OPEN IT! Even if it appears to come from a trusted source, send a new email to the individual in question using contact information you previously held for them.
- Use privacy settings on social media to keep personal information hidden. Don’t make your address, phone number or even things like your friends list available to anyone.
- Verify the URLs carefully before clicking on links or submitting sensitive information. Often scammers will try to imitate legitimate sites closely, so this is something to pay particular attention to.
- Use anti-phishing software. These widely available software programs aim to prevent users from accessing malicious links and websites by activating pop-up warnings and preventing malicious emails from ever reaching you.
- Use a cyber security expert like mPowered IT to watch over your systems and keep up to date on security measures.
For a Phishing scammer to be successful they rely upon deception, so if something doesn’t feel right ask the person in charge of your IT for guidance.
Ransomware is the name of a type of Malware that disables or encrypts files on your system. A cyber criminal will perform a ransomware attack so they can gain full ownership over your data and extort money from you in exchange for its safe return.
Cyber criminals use file encryption to force victims into paying the fee. The files remain on your system but are encrypted – making ransomware particularly frustrating. The cyber criminals will then set time limits on payments and threaten to delete files if payment is not received within the limit.
It is completely understandable that most business owners choose to pay the full fee requested by the criminals in the hope that they are regranted access and control – but this is wishful thinking. There is no guarantee that your data will be returned – they are criminals after all. Paying the fee is in fact a very bad idea. Not only are you unlikely to regain control of your data, but you are also increasing the chances that you’ll be targeted again, as you have proven yourself willing to pay. On top of that, you’ve just supported their criminal activity, encouraging them to do more of the same.
How to guard against Ransomware attacks
Ransomware is on the rise; it has rapidly become a big money maker for cyber criminals all over the globe. But you can protect yourself. Consider the following when preparing your systems for the eventuality of a ransomware attack:
- Up-to-date systems and software are essential. Cyber criminals want easy money – they will exploit weaknesses in out-of-date, poorly maintained software.
- Be wary of embedded links and attachments in emails. Before opening any attachments or links, you must be completely confident that they come from a legitimate source. As with phishing, emails containing embedded ransomware will often feature persuasive language and appear from a trusted source, so it’s always best to keep a cool head and proceed with caution.
- Use advanced threat protection. Use anti-malware security software from trusted vendors to safeguard your data. Employ more than just virus protection; look for threat protection suites that offer firewalls and back-up capabilities.
- Don’t pay, under any circumstances! Yes, the pressure can be enormous to regain your files – but payment is no guarantee that you’ll regain control. They’re criminals.They may not return your files even after you pay.
- Take advantage of Cloud services. Cloud services such as hosted storage limit the opportunities for Ransomware to enter your system. An off-site backup will allow all your data to be restored after an attack.
- Don’t enable macros! If an email attachment from an unknown source requires you to enable macros to view it, it’s best just to ignore it. The act of enabling macros itself can infect your computer.
Knowing the threats your system is the first step to ensuring cyber security across your entire organization.
mPowered IT – Ensuring You Are Cyber Secure
mPowered IT are your go-to proactive partner in keeping IT systems secure and defended. We never leave things to chance or wait for a problem to arise – predicting and preparing for the threats of tomorrow will help ensure your valuable data is protected and your business continuity maintained. Contact us now to find out more about what we can do for you.