Cyber Security Threatosaurus
Your business may be a multi-national, multi-million pound a year organisation, or it may be a small family-run firm with only a few team members, but either way a good standard of cyber security is essential. Cyber criminals are opportunists – they see a chance to break into your systems and, with very little consideration, they go for it! Of course, the larger the potential return the better for them, but your figures being a little lower than others do not make you immune to an attack.
Unfortunately, achieving one-hundred percent cyber security in your organisation is an impossibility. The only way of achieving this incredible feat would be to eradicate technology altogether – a decision we wouldn’t recommend as it would set your business back quite some way, not to mention the business-defining benefits that can be achieved from technology when it is correctly used.
We have established that technology is too important to simply eradicate and that there is no way of achieving one hundred percent security. However, we can make it as hard as possible for cyber criminals to attack our systems successfully.
Throughout this blog series we will explore the potential threats to your systems, what makes them a concern to your business, and how to stop any attempted attacks before they become a problem to your organisation.
In this first blog of the two-part series, we will consider your ‘human Firewall’ within your organisation as opposed to what you as a manager can implement.
Cyber security threats, why they are a concern, and how to stop them causing problems.
Phishing
Phishing is a form of cyber attack that uses deception as the vessel to gain the trust of unwitting victims. The cyber criminal will assume a false identity in order to acquire sensitive information from their victims, including bank and account details. When most hear the phrase “Phishing scams” they normally associate the term with email but, in reality, the email is just the vehicle for the scam. Typically scammers use website links, text messages and phone calls, as well as emails, to perform Phishing scams.
Whichever way the cyber criminal chooses to attack your system, the aim is to fool the recipient into believing that the message is legitimate, from a trusted source, and, most importantly, requires urgent attention (meaning less time to think about the source of the email). With this in mind they often appear as a message from the recipient’s employer, their bank, or another trusted source – basically anyone that would encourage a fast response.
If the deception works, the recipient may then proceed to open the email and release Malware contained in attachments into the system, or – in the worst-case scenario – respond to the message and disclose sensitive information, account details, or passwords. Both can have a seriously detrimental effect on operations within your organisation.
What can you do about it?
The methods of defending your systems against Phishing scams are not elaborate and wouldn’t take weeks to implement. Let’s explore some of them now and you can see for yourself:
- Be vigilant! Vigilance when doing anything on your systems is essential – one wrong click can be the difference between successfully defending your systems and opening the floodgates to a business-defining cyber attack.
- Don’t reply to an email that seems suspicious in any way, even if it appears to come from a trusted source. Instead, send a new email to the individual in question using contact information you previously held for them. In this way you can guarantee the source is correct.
- Use privacy settings on social media to keep personal information hidden. Don’t make your address, phone number or even things like your friends list available to anyone.
- Use anti-phishing software. These widely available software programs aim to prevent users from accessing malicious links and websites by activating pop-up warnings and preventing malicious emails from ever reaching you.
- Verify the URLs carefully before clicking on links or submitting sensitive information. Often scammers will try to imitate legitimate sites closely, so this is something to pay particular attention to.
- Be wary of URL redirects. Verify the URL of the new site against that of the legitimate site.
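The last two points above are the ones a user can partly automate. The following Python script is an added example, not code from the original blog or from 4TC; it vets a link before it is clicked by checking the scheme, the real host (text before an ‘@’ is a decoy), punycode labels, lookalike hosts that merely embed a familiar name, and redirect parameters whose target lands on an untrusted host. The allowlist, the parameter names and every sample URL are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed allowlist of hosts the organisation actually uses (assumption).
TRUSTED_HOSTS = {"bank.example.com", "mail.example.com"}
# Query-string names commonly used to carry a redirect target (assumption).
REDIRECT_PARAMS = {"url", "redirect", "redirect_uri", "next", "return", "goto"}


def is_trusted(host):
    """True if host is a trusted host or a subdomain of one (exact label match)."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def check_url(url):
    """Return a list of reasons to distrust the URL; an empty list means it looks fine."""
    findings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        findings.append("not https")
    if "@" in parts.netloc:
        # Browsers use the text after '@' as the host; the text before it is a decoy.
        findings.append("userinfo before '@' hides real host %r" % host)
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode (IDN) host, may be a homoglyph of a familiar name")
    if not is_trusted(host):
        # Lookalike: a trusted name appears inside the host but is not its real domain.
        if any(t in host for t in TRUSTED_HOSTS):
            findings.append("lookalike host %r embeds a trusted name" % host)
        else:
            findings.append("host %r is not on the allowlist" % host)
    # A trusted site can still bounce the user elsewhere via a redirect parameter.
    for name, values in parse_qs(parts.query).items():
        if name.lower() in REDIRECT_PARAMS:
            for value in values:
                target = urlsplit(unquote(value))
                if target.hostname and not is_trusted(target.hostname):
                    findings.append("redirects to untrusted host %r" % target.hostname.lower())
    return findings


if __name__ == "__main__":
    # Constructed sample links, as might appear in a suspicious email.
    for sample in ("https://bank.example.com/login",
                   "https://bank.example.com@evil.example/login",
                   "http://bank.example.com.evil.example/",
                   "https://mail.example.com/out?url=https%3A%2F%2Fevil.example%2Fx"):
        print(sample, "->", check_url(sample) or "looks fine")
```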
As we said in the first point in the list, vigilance when navigating your technological landscape is essential. Phishing scammers rely solely on deception to rob users of their data. Be sure before you act!
Ransomware
Ransomware is a type of Malware that operates differently from Phishing scams: it works by disabling and encrypting files on your system, denying you access to those files and handing control of them to the criminal, who will only return access once you have paid the ‘ransom’ demanded.
One similarity with Phishing scams is the intent to instigate panic and a ‘split-second decision’. The cyber criminals will set time limits on payments and threaten to delete files if payment is not received.
It is understandable that under this pressure most business owners would simply pay the fee – and why not? Pay the money, learn from your mistake, move on? If only it was that simple. They are criminals after all, and there is no guarantee that they will ever return your data. If anything, paying the fee makes you more likely to be attacked again as you are broadcasting the fact that you are ready and willing to pay the amount asked.
What can be done about it?
Ransomware attacks have risen in popularity over recent times, probably due to their high success rate, with victims paying out more often than not. In fact, according to a study by global security company Kaspersky, ‘More than half (56%) of ransomware victims paid the ransom to restore access to their data last year, according to a global study of 15,000 consumers’ ¹.
As the adage goes, ‘prevention is better than the cure’, and this is particularly true for Ransomware because there simply is no cure: there is no way to guarantee that your systems won’t be attacked, or that the criminal won’t be successful. But don’t worry – all is not lost. There are measures that can be taken to give you the best chance of preventing an attack from being successful. They are as follows:
- Take care with email attachments and embedded links – Don’t open any attachments or links unless you’re completely confident that they come from a legitimate source. As with Phishing, emails containing embedded Ransomware will often feature persuasive language so it’s always best to keep a cool head and proceed with caution.
- Use advanced threat protection – Use anti-malware security software from trusted vendors to safeguard your data. Employ more than just virus protection; look for threat protection suites that offer firewalls and back-up capabilities.
- Keep your system and software up-to-date – Cyber criminals will exploit weaknesses in out-of-date, poorly maintained software. This means keeping everything up-to-date, from your operating system to the individual programs you use, as well as your anti-virus software.
- Take advantage of Cloud services – Cloud services such as hosted storage limit the opportunities for Ransomware to gain entry into your system.
- Don’t enable macros – If an email attachment from an unknown source requires you to enable macros to view it, it’s best just to ignore it. The act of enabling macros itself will often infect your computer.
- DO NOT PAY! – The most important point of all, do not pay under any circumstances! As we said previously, it is understandable to want to rid yourself of the burden and worry that you haven’t got command of your data but remember that payment is no guarantee that you are going to regain control – you are dealing with heartless criminals, who may ask for more money and still not return your files.
Vishing
Vishing (not to be confused with Phishing) similarly uses deception as the vessel on which the cyber crime is committed. The difference between Vishing and Phishing is that Vishing is performed using VoIP phone systems instead of emails and malicious links.
VoIP provides a certain amount of anonymity in its design and fraudsters have learnt to use this anonymity to their advantage. VoIP has features that allow for caller ID spoofing, making it nearly impossible for authorities to track down the criminals and make them accountable for their actions. Landline services, on the other hand, allow numbers to be assigned to physical locations known to the phone companies and which are therefore easily accessible to the authorities.
One of the key similarities that a Vishing scam shares with the two we have already covered is the use of deception, urgency, fear tactics, and emotional manipulation to force users into making the wrong decision and sharing sensitive information. A perception of legitimacy is also created using fake caller ID profiles and the use of IVR (interactive voice response) systems.
What can be done to defend against it?
Most of the calls we receive in our daily work lives are from legitimate sources, but, just in case a cyber criminal is trying to pull the wool over your eyes, it is essential to remain vigilant, especially if the caller is asking questions that could mean the release of identifying or account-specific information. Let’s take a look at some ways to ensure you don’t become their next victim.
- Don’t give in to pressure – Be wary if the caller is using emotive language to create a sense of emergency or urgency.
- Stay in control – Good scammers will have an answer for everything. If you’re unsure just hang up and get on with your day.
- Ignore unknown numbers – Legitimate callers tend to leave messages, allowing you to reach out to them.
- Be aware – Know the techniques the scammers use and keep an ear out for warning signs.
If you educate your users on the threats that are designed specifically to target them, their good nature, and their unfamiliarity with the systems they use, they will be in good stead to stop attacks in their tracks before they do any damage to your systems.
In the next and last blog in the series, we will be looking at what you, as management, can do to protect your business from cyber attacks.
Keeping your technology functional and secure – 4TC
We recognise the challenges that businesses face daily with their technology – and security is one of the most prominent of them all. Our team of experts will work together with you to find a cyber security strategy that complements the way you do business. We will also educate your team to be sure that they understand the strategy and are prepared for whatever a cyber criminal can throw at them. With our help you can go into the future confident that your systems are secure.
We’re 4TC Managed IT Services
4TC can support you with all your IT needs! We are trained professionals with years of experience and can guarantee you a service like no other.
We will give you and your business consistent attention – assuring that we do not only provide you with the best now but also continue to provide you with the best going into the future. We can act as either your IT department or to supplement an existing IT arrangement.
Get in touch now!
Email: support@4tc.co.uk
Tel: 020 7250 3840
London Office
5th Floor, 167‑169 Great Portland Street
London
W1W 5PF
Essex Office
Dew Gates The Street
High Roding
Essex
CM6 1NT