There is no longer any doubt: cyber security must be at the very heart of your business concerns, especially bearing in mind that the rate at which cyber threats are growing and evolving is alarming, to say the least. Alongside the massive rise in the frequency and severity of cyber attacks around the world comes a sort of obliviousness to them. Many make the claim ‘my business is too small for anyone to bother attacking me’ or ‘they would rather attack a massive company than me, I'll just sneak in under the radar’, but this mentality will be their downfall. Criminals are opportunistic. We understand why small to medium business owners may have the attitude that they aren’t going to be attacked, but being a bit smaller than the competition doesn’t mean that you are immune from attacks.
If anything, being a smaller business puts you higher on the radar of cyber criminals. All that it tells them is that your security measures aren’t as sophisticated as those of larger businesses and will be easier to penetrate. We wish we could guarantee that you won’t be attacked, or that an attack on you won’t be successful, but, unfortunately, this isn’t possible. With cyber attacks evolving and growing in sophistication by the day, what we can do is recommend some steps you can take to make it as hard as possible for criminals to successfully attack your systems.
We will now explore the potential threats to your systems, why they should worry you, and what you can do to halt any attempted attacks before they begin.
Let’s take a look at the user-influenced side of cyber security, known as the Human Firewall.
Cyber threats – A user’s perspective
Phishing attacks are one of the most common forms of cyber attack. A Phishing attack requires the cyber criminal to take on a false identity, which they do to create a sense of security in the recipient. It is this sense of security (if the ruse is believed) which leads the recipient to grant the cyber criminal access to sensitive information (such as bank details or passwords). Most commonly Phishing scams are performed via email, but there are other methods, including text messages (known as Smishing), and phone calls (known as Vishing). With the many ways that the attack can be carried out, Phishing scams have become very popular with cyber criminals.
All forms of Phishing attacks are the same in the way they are carried out. The aim is always to create a false sense of security and even trust from the recipient to make them follow instructions. The cyber criminal is trying to get the recipient to believe that both the message and the source are legitimate. They then cleverly create a sense of urgency to make the recipient react on impulse and panic – the cyber criminal will often pose as an employer or the recipient’s bank to gain this trust. If what appeared to be your bank emailed you saying ‘you have 5 minutes to change your online banking password, or we will lock you out’ you are likely to follow the procedure there and then.
If the deception is successful, the recipient will inadvertently release Malware that was contained in the attachments. Some even reply to the message, thereby opening a whole new problem for themselves – doing this can open the doors to your entire system, disclosing sensitive information, account details, or passwords.
Phishing attacks – Protect yourself
Given the potentially business-defining consequences of a successful attack, you would think that Phishing attacks would be hard to defend against, but they aren’t – if you remain vigilant and know what you are looking out for. We will now list some of the ways you can tell whether a website, email, or link has come from a legitimate source.
1. Always stay vigilant. It should become common practice to verify the URL of any new site by comparing it to the one you have on record as the legitimate one.
2. You know that saying ‘If it doesn’t feel right, it probably isn’t!’? Well, this is true for IT. Never – under any circumstances – reply to an email that even remotely fills you with suspicion. No matter how busy you are, you must take time to think. Find the trusted URL you have on record and email the individual or business using those details; you will find that the reply will answer the question for you as to whether they were the trusted source or not.
3. Use the privacy settings provided whenever possible! On social media, in particular, it is shocking how many don’t have their security settings working to their full capabilities, when just by doing so personal information will be kept hidden and out of reach of cyber criminals. Don’t make any personal information freely available. Obviously, this means your address or phone number, but it also means your friends list. Why do people that don’t know you need to see who you are friends with? It sounds like overkill, but be guarded and presume that you are the cyber criminal’s next target.
Defending your systems against Phishing attacks isn’t hard. It always comes back to one key point – be alert and think!
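The comparison in step 1, checking a link against the URL you have on record, can also be done in code. The following is an added example, not part of the original article; the host names on record and the sample links are constructed, and the result labels are illustrative.

```python
from urllib.parse import urlsplit

# Constructed record of legitimate hosts (assumption: replace with your own).
TRUSTED_HOSTS = {"examplebank.com", "portal.examplebank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str, trusted=TRUSTED_HOSTS) -> str:
    """Classify a link as 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    # .hostname is lower-cased and excludes any "user@" prefix and port.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unknown"
    # "https://examplebank.com@other-host/" really goes to other-host.
    if parts.username:
        return "suspicious"
    if host in trusted:
        return "trusted"
    # Punycode labels can display as look-alike letters; none of the
    # hosts on record use them, so treat them as suspicious.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious"
    for good in trusted:
        # Real name used as a prefix of someone else's domain.
        if host.startswith(good + ".") or good.replace(".", "-") in host:
            return "suspicious"
        # One or two characters away from the real name.
        if edit_distance(host, good) <= 2:
            return "suspicious"
    return "unknown"
```

A result of 'unknown' only means the host is not on record; it still needs to be verified through the contact details you already hold.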
Ransomware is a form of Malware; it works by disabling or encrypting the files on your system and in the process grants full ownership of your data to the cyber criminal. The cyber criminal has little or no interest in using your data, but simply threatens to delete it or sell it on the dark web unless they get a ransom. Then they claim that if you pay the ransom they will return your access and data.
The cyber criminal will again evoke a feeling of urgency in the recipient, and again does this by placing a time limit on the ransom: if it is not paid, they claim they will delete your data. This sense of urgency often forces victims to do as they are told before they have had time to think about the right course of action.
Let’s face it, you can’t blame business owners for paying. Being faced with highly stressful situations isn’t easy – we want them over as quickly as possible and will do anything to make that happen. But paying doesn’t guarantee that everything is going to be alright. In fact, it is likely to have the opposite effect. Think about it – they are criminals – would you trust a burglar to give all your stuff back if he had robbed your house and promised to give it back in exchange for money? No, of course you wouldn’t. Paying only makes it more likely that you will be attacked again, because doing so advertises not just your financial ability to pay but also your willingness to.
Ransomware attacks - Protect yourself
Ransomware is quickly becoming the cyber criminal’s preferred method of cyber attack. This is probably due to its very high success rate in terms of payouts. As we mentioned earlier, you unfortunately cannot guarantee that your systems won’t be attacked, but you can put preventative measures in place. Let’s look at some preventative measures you can practice to keep your files out of any cyber criminal’s grasp.
1. Use the latest software versions at every opportunity. Cyber criminals are predominantly tech savvy and have the ability to exploit the weaknesses in your out-of-date and poorly maintained technology.
2. Don’t blindly trust email attachments and links. Under no circumstances should you open any attachments or links until you are certain that the source is a legitimate one! Ransomware is like Phishing with regard to the methods used for attack - the cyber criminal will use persuasive language in an attempt to tempt you into behaving the way they want you to. It is always best to be cautious with everything.
3. Under no circumstances should you pay them! We understand, the pressure can get too much, and the cyber criminals sound genuine. They are going to give it back, right? Wrong! As we have previously said, payment is no guarantee that you will be granted control again, and they may simply laugh and demand some more money.
In the following article we will be looking at you as management and what your role is when considering the protection of your systems.
Ensuring the effective use of technology
BCNS make business easier and more cost-effective in guaranteeing that you and your team are always connected to each other and your clients. Our team of experts will assist you throughout the transition to be sure you achieve exactly what you desire – at the same time we can reduce your expenses and improve your security as well as performance! Contact us now and find out how we can help you with your business communications and move into a more productive future.