Tag Archives: Phishing

Stay Safe from Phishing Attacks

Many threats to your network abound, and often ransomware, malware and viruses enter your network through social engineering, or “phishing” emails. Read on to learn the extent of the problem and how you can keep your business from being affected by these threats. 

 

Phishing a Growing Threat

 

Social engineering attacks, including phishing, are among the greatest threats to individual users as well as small to medium-sized businesses. Even though giants like Google and Facebook get the headlines, small to medium-sized businesses are not immune. Anyone and everyone can be a phishing target, and these attacks often come through email, something people use every day. A malicious actor sends an email (perhaps appearing to be from someone the recipient knows), trying to get confidential information like passwords or trying to insert malware in the network. According to a CompTIA State of Cybersecurity report, it can cost $1.85 million to remediate a ransomware attack.  Often these attacks come through spam emails and contain dangerous links that, when clicked on, can introduce malware to your system. Spam emails, in fact, account for most of the ransomware attacks. In spite of the prevalence of phishing, many users are not aware of the risk; as many as 13.6% of recipients click on the link. 

 

How to Prevent Phishing Emails from Becoming Attacks

 

In spite of such daunting statistics, there is good news–more awareness about the dangers of phishing scams. Many companies are consistently and systematically training their employees, and those with more than eleven campaigns per year (on average, one a month), have a low click-through rate, only 13%. This awareness, along with using email solutions that filter out the spam responsible for many phishing attacks, can block the majority of phishing attacks and keep your network safe. It’s still wise to be prepared in case something gets through, and have data backed up off site for easy retrieval. Finally, you can train your employees to recognize a possible phishing email. Clues include addresses that don’t look real, spelling errors, poorly written content, and appeals to emotions like fear. Once your workers are on guard, they know not to click on dangerous links. If the email looks like it’s from someone the person knows, it’s good to check that the message is indeed from them. If not, the email can be deleted.

 

Though phishing attacks are growing more common (not to mention more sophisticated), many intrusions can be prevented with technological tools and employee training. To learn more about keeping your network safe, contact us today.

Tips to Avoid Security Breaches

According to a recent CompTIA report, even though people know what to do to avoid security breaches, they don’t always put this knowledge into practice. Employees can, however, take advantage of cybersecurity training in the workplace, learn to change passwords frequently, and implement other safeguards.

How to Identify a Phishing Scheme

The mouse arrow can be pointed at a suspected link exposing information you can use to identify an untrusted source. Another clue to be on the lookout for is a misspelling in the ‘reply to’ email address of the email. Third, hackers may use attachments that appear to be trusted (e.g., .txt or .doc)  to try to get personal information. Inspect the extension of the attachment to ensure they do not include “.exe” as this may launch a cyber attack as an executable program.

Be Aware of Spear Phishing

Spear Phishing is a form of social engineering designed to get you and your employees to divulge specific privacy information by using relevant and trusted information to influence your behavior. This could include banking, vendor, customer or other familiar information to trick you into providing account, password and other privacy data. Similar to phishing, these same clues can be a help in avoiding “spear phishing” attacks. You may also consider reaching out to customers, vendors or employees to authenticate an email’s source before taking action.

Monitor Your Network and  Use Security Information and Event Management Technology to  Cyber Attacks

There are many options to monitor your network for intrusions. Network monitoring can identify unauthorized access, unauthorized network login attempts, unexpected network traffic in terms of volume or time of day that all could point to Cyber Attacks. By using Security Information Event Management (SIEM) technologies, possible threats can be assessed, giving your business a holistic view of the most significant threats in real time. You may also consider penetration testing to simulate a cyber attack, in order to determine any vulnerabilities in your system and assess which ones are most crucial.

 

While technology can help deter cyber attacks, human beings always play a role in staying safe. Even if a phishing attempt is directed specifically at an employee, it can compromise an entire network. To learn more about how to respond to upcoming threats, contact your technology advisor today.

Hacking Hazards to Watch in 2019

The more technology advances, the more businesses must be aware of security breaches and hacker attacks. Where are hackers likely to strike in 2019, and how can you protect your business? Read on to learn more about new and existing cyberattacks to avoid.

Toll Fraud Likely to Threaten Businesses

Toll Fraud is an emerging cyber threat to watch out for. Toll fraud may happen when an attacker accesses your phone system to make fraudulent calls, possibly by posing as a new customer, placing calls (including expensive long-distance calls) directly from your business’s phone lines — on your dime! Cybercriminals may target businesses with in-house phone systems, rather than ones with Voice over IP (VoIP) systems. Toll fraud can be recognized and prevented through monitoring of a VoIP system.

Be on Look out for Phishing Schemes

Phishing typically uses emails to lure your employees into clicking on links that download malicious software (Malware). In addition, Phishing schemes may also get your employees to share internal information including passwords, confidential information, privacy information, financial information, patents and more. Educating your staff on how to recognize suspicious links and report them is your first line of defense.

Ransomware is Everywhere

Employees can also introduce Ransomware to your network, that can travel to all attached devices including your server. Once infected, you will be held ransom to regain access. If you pay, you are likely to be targeted again. Avoid ransomware by having strict policies to prevent thumb drives, guest PCs and other non-compliant devices attaching to your network. Having a reliable backup of your systems is a way to rapidly recover without paying the ransom.

While firewalls, anti-virus SPAM filtering, and penetration testing can help deter cyber attacks, human beings play a role in staying safe. To learn more about how to respond to upcoming threats, contact your technology advisor today.

Cyber Crime

Keeping Your Network Secure

A network is only as strong as its weakest link, and if that weakest link is your security, that can compromise the revenue and the reputation of your business. Attacks just from ransomware have increased over the years, by 200% between 2015 and 2016 alone.  There are three fronts to consider: identify the hazards, use technical tools to protect your network, and educate your employees on cybersecurity. Read on to find out more about how to protect yourself.

Know the Hazards of Malware and Phishing Schemes

With so many businesses finding it necessary to gather, store and monetize customer data, this is an area of vulnerability. Malicious software, or “malware,” can take various forms, from worms and viruses to ransomware, which can hold your data hostage. Some types can simply make your system run more slowly, and some can steal or destroy data. Phishing schemes are designed to steal private data simply by an unwary recipient clicking a link. Technical tools are part of the protection plan.

Fight Cyber Attacks with Technology

There are plenty of technical tools and applications to keep your system safe. Firewalls and SPAM filters can keep unwanted network communications from coming in and going out. Anti-virus and anti-malware applications keep harmful worms, viruses and other malicious software from infiltrating your network. Be sure also to keep your antivirus and anti-malware programs up-to-date, to guard against the latest threats. Network monitoring can help stop attacks before they start, and operating system patches can fill in any security holes in the network. Along with these tools, be sure to train your employees to recognize security hazards.

Don’t Forget the Human Element

Employees can be the first line of defense against cybersecurity hazards. Teach your employees, through regular training, to recognize threats to your system’s security. Educate them to avoid “phishing” schemes by not clicking on links in email from suspicious sources, and how to recognize a suspicious email (often typographical or factual errors in the email are tip-offs). Finally, emphasize that cybersecurity is a team effort, and get them invested in helping keep your network safe.

Remember, your business is only as secure as your network. You are risking more than money if your network contains weak spots. Contact your technology advisor for assistance with protecting your network’s security.

How to Avoid Being a Ransomware Hostage

RansomwareRansomware, spyware, phishing schemes, and other Cyber attacks are commonplace in today’s world of technology. According to a recent article in Forbes, ransomware attacks grew at an accelerated pace in 2016 with reports of 638 million attacks, almost 200 times more than the number of ransomware attacks in 2015. Most experts agree that Ransomware attacks will continue to occur–so what can you do to avoid being a ransomware hostage?

Not All Ransomware is Created Equal

Before you panic, find out what type of Ransomware you are up against. Scareware is a type of Ransomware that tricks you into thinking you have a bigger problem. A simple scan may quickly remove the pop from your browser cache and get you back on your way. Some ransomware is truly nasty — your entire system may be encrypted, meaning you will need to wipe your system and start over if you have a good backup. Otherwise, you may find yourself hostage to the cybercriminals to unlock your data.

An Ounce of Protection is Worth a Pound of Ransom

Data protection is an important element in minimizing the impact of Ransomware. Make sure your network security is fully compliant. Backup your data, update your antivirus definitions and make sure your security patches are up to date. Consider using Cloud Backup, Security as a Service, and Managed IT services to keep your network up to date. Having a strong offense to avoid ransomware is your best defense.

Don’t Forget the Human Element

Train your employees on a regular basis on the importance of staying vigilant against Cyberattacks and how to avoid being a hostage. There are many resources to get training for your team. Periodic updates about threats and security procedures serve as a reminder to your employees to ensure they adhere to best practices.

If you need security training or are interested in a review of your network, security vulnerability, or other technology infrastructure, contact your Technology Advisor today.