If somebody broke into your home and without your permission took your things, it would leave you feeling angry, unnerved, and frustrated. For those of you out there that own businesses, I can imagine that you would feel very similar if somebody hacked into your infrastructure and damaged your systems or stole your business data.
So, the big question is, how do you currently protect your business from cyber-crime?
The typical answer to this question goes something along the lines of, "We've got firewalls in place?", "We use third-party email scanning services", "We install anti-virus/anti-malware programs" or some kind of explanation that all of the above are in place. Well, I hope it doesn't come as a surprise to you but the above are no longer enough to protect your business from the power of today's cyber threats.
Hackers and scammers are reliant upon your employees not noticing some of the subtle signs that would indicate their emails are not genuine. An email can look like it comes from a colleague, partner, customer, or friend, but in reality, their system may have been compromised. Cyber scams have become so sophisticated that they can be VERY effective, after all, a business' branding, logo's, employee identities, and job titles can be very easily replicated and made to look convincing.
Statistics from 2015 suggest that 91% of hacks and scams begin with a tool that we use daily...yes you've guessed it, our beloved email! According to a report published by the Radicato Group, the number of worldwide email users in 2015 was nearly 2.6 billion and by the end of 2019, it is predicted to grow to 2.9 billion. This will mean that over one-third of the worldwide population will be using email and will, therefore, be accessible as potential victims of cyber-crime.
In light of the above statistics, here are a few things that you need to train your employees to do when using email:
- Do not click on any links within emails unless you are certain they are from a trusted source AND you are expecting the email
- Do not open any attachments within emails unless they are from a trusted source AND you are expecting the email
- Do not reply to emails which are asking you for the business or your personal details unless you know for sure that it is genuine
Alongside the intelligence of today's cyber criminals, it is very important to remember that PEOPLE are the weakest link when it comes to your cyber security. The trick for businesses is to find the right combination of security solutions, whether that be software or managed services, and learning how to educate your employees on what to look out for when using emails and social media.
Here are three of the main methods that cyber-criminals use to breach our systems:
- Like-jacking: criminals will post fake Facebook "like" buttons within web pages so that when people click them, malware is downloaded to their machine
- Link-jacking: hackers use re-direct links to move users from trusted websites to malware infected websites that hide drive-by infections or other types of infections
- Spear Phishing: the person performing the scam will acquire sensitive information on the targeted user, such as usernames, passwords, and credit card details by disguising their malware as a trustworthy entity within an email or social media post
Spear Phishing is currently one of the most prominent and successful methods of exploiting data security as the hacker gets to know their user's interests and behaviours through their social media and online activity prior to setting up the malware email. Our behavioural patterns are so easy to access today with the amount of data that we consume and share, making it even more essential for us to have basic knowledge of what potential threats look like.
For now, here are three key things to be very aware of:
- NO business is immune from cyber-crime
- NO security threat is too small
- NO precautions should be spared when it comes to the security of your business data
ACS is very aware that your data security starts with internal knowledge. All it takes is one click of a link for malware code to be released into your system, compromising your security. These security issues are very real and very present.
If you are thinking I don't know where to start, are unsure as to how well protected your business currently is, or you need help educating your workforce on how to spot untrustworthy content, then talk to our specialists now.
We can help your business with:
- Proactive consultancy and advisory services on how to stay ahead of cyber-crime
- Workshops on how to be security savvy
- We work with partners to provide both internal and external penetration testing of your infrastructure