It is a matter of fact that technology has a large role in our day to day lives. And with the separation of work forces and the activity of working remotely – using home security and home internet services, away from the workplace environment – today’s cyber criminals are more empowered than ever before.
Whether for political reasons, financial or personal gain, hackers can use their skills to disrupt businesses and organisations. Here are some of the types of attacks that could affect your business at any time.
Social engineering attack – phishing
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organisation or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organisation’s network.
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organisation. For example, an attacker may send an email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Phishing attacks may also appear to come from other types of organisations, such as charities or utilities suppliers. Attackers often take advantage of current events and certain times of the year, such as
- epidemics and health scares (e.g. Covid-19)
- natural disasters
- economic concerns
To avoid becoming a victim, we suggest that you:
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organisation, try to verify his or her identity directly with the company before engaging further.
- Do not provide sensitive information over the Internet before checking a website’s security. Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain.
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic or use any anti-phishing features offered by your email client and web browser.
What do you do if you think you are a victim?
- If you believe you might have revealed sensitive information about your organisation, report it to the appropriate people within the organisation, including network administrators or your IT partner. They can be alert for any suspicious or unusual activity and mitigate any additional risks.
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- Consider reporting the attack to the police.
You can check your own security passwords at www.haveibeenpwned.com to see if your email credentials have been compromised. Other checks, such as dark web analysis, can be done by a recognised and registered managed security provider.
Employing some of these simple practices will go a long way to avoiding cyberattacks. However, nothing is full-proof when it comes to securing your online content. Most people put themselves at risk as a result of poor practices and simple mistakes which can be easily guarded against.
Make sure you continue being kept up to date for potential threats and educate your colleagues against these threats.
Working with a trusted IT partner can help you remain vigilant and ensure that you continue to enjoy a safe and enjoyable online experience and letting you get on with what you do best – growing your business.