Anyone can be a victim of cybercrime and phishing. Private individuals, small companies and large corporates may all be targeted through various forms of phishing and malware that you may unwittingly install on your computer by clicking a link or opening a file attachment that has been sent to you.
Cybercrime victims can suffer financial loss and damage to their reputation and may even find their data being held to ransom. Cybercrime in all its forms is a wide-scale problem, with over one million UK cases reported to Action Fraud in the last year alone.
Most criminals have limited technical capabilities but are being helped by sophisticated tools that they can access through the online criminal marketplace, which is helping cybercrime to grow and evolve.
‘Ransomware’ attacks are increasingly being reported: threats are made to block a company from using its data, or in some cases to publish the data online. Some attacks are targeted while others are random and speculative, casting a wide net to get results.
Phishing is one of the most common cyber-attacks. It operates through emails which appear to come from legitimate senders and entice the recipient to click on a link or attachment, which then infects the victim’s computer with malware. The malware gleans private information, which can allow the attacker to disrupt business operations, destroy data and steal money.
Anti-virus programmes are often bypassed by phishing attachments which use Microsoft Office macros; these download the malware if run. Links may look like they go to a legitimate website, but these websites will exploit vulnerabilities in a victim’s computer to install malicious code.
Some attacks are sophisticated and aimed at selected groups, and victims may be researched through social media and website information. Other attacks are designed to target as many people as possible, knowing that they only need to catch a tiny percentage to be successful.
These high-volume phishing attacks use fake invoices, remittances, banking updates and final demand documents to encourage their target to open the attachments. Others lead potential victims to enter private data into forms on websites that are designed to look and feel like a legitimate site.
The risks to business include:
- Your data may be stolen or encrypted for ransom;
- Your hardware may be damaged;
- Your internet banking may be fraudulently redirected;
- Your money may be stolen.
So how can you defend your business against phishing?
- Always protect your systems by installing and updating reputable anti-virus software, and keep systems up to date with new releases and security patches;
- Never open attachments, click links or download software from unknown sources or questionable websites;
- Make sure that you have protective policies and training to ensure that staff have the knowledge to conduct business safely online;
- Limit access to systems and information based on job duties, and split financial responsibilities between employees;
- Only allow internet access to trusted websites, and limit the use of external media devices;
- Be aware of what information is available about you and your organisation on social media and the wider internet. If you know what can be found, you can be more alert to its use in an innocuous-looking email.
To avoid issues when dealing with emails and attachments, make sure that you look out for signs such as unrecognised senders, confirmations for purchases, responses to forms that you haven’t completed, and unusual language, greetings or titles in the subject box. Any of these can indicate that the email isn’t genuine.
If you receive an email with an attachment that appears to be from someone you know but that you weren’t expecting, call them to confirm it before you open it. Better to be safe than sorry.
Over the coming weeks on this blog we will be discussing the different risks you and your business could be faced with. Cybercrime does not just affect businesses; your personal data could also be compromised.
Learn more about keeping your data safe with the ProTrainings Data Protection video online course at www.prodataprotection.co.uk or by calling ProTrainings on 01206 805359.