Remote Working, IT Security | November 2020
There have been several recent cases of local companies falling prey to phishing attacks in which their email has been hacked with potentially devastating consequences.
The problems have encompassed fake emails from directors being sent to multiple accounts, and false invoices being paid.
The reality is that the problems and the associated loss of time, money and reputation would probably not have happened had the parties involved had the right security measures in place. Here, we run through some potential avoidable security risks – and what you can do to minimise them.
According to a report from late 2019, 75% of executives said phishing emails are among their biggest security concerns. The same report said these decision makers claim training is among the best ways of dealing with the menace of phishing. Yet the report adds that 60% receive training less often than once a quarter, meaning not everyone may be up to speed with current developments.
Essentially, with this cybercrime, victims are emailed, phoned or sent a text message. Someone poses as a legitimate organisation to persuade people to hand over sensitive information like passwords or banking or credit card details. Ultimately, phishing can lead to identity theft plus hefty financial loss.
At Snapchat, for example, a spam email to staff purporting to be from the CEO asked for payroll data, which one staff member then disclosed.
Tactics include lucrative offers that seem (and are) too good to be true, messages which create a sense of urgency, for example telling you only have a short while to respond, or hyperlinks purporting to be to popular websites, but with a single letter misspelt.
Phishing emails are among the most common types of security breaches. And, unfortunately, they’re becoming increasingly complex and convincing.
These involve the release of secure information to an untrusted environment. In recent years, hotel chain Marriott, online marketplace eBay and US retailer Target are among the big names to have experienced serious data breaches.
This is malicious software which can block access to a computer system until money is paid out. This disrupts operations, prevents a business from accessing its information; and it can take a lot of money and time to restore data. Then there is the damage to reputation as well.
This is software which can damage devices, steal information and generally cause disruption. Malware comes in many forms, from viruses to spyware and Trojans.
A 2017 Government survey found that nearly half (46%) of UK businesses had identified at least one breach of cyber security. In 2016, the figure was just under a quarter (24%).
In 2020 the fifth annual Cyber Security Breaches Survey revealed that the extent of cyber security threats has not diminished and that, instead, cyber attacks have evolved and become more frequent.
Among this 46% of businesses that identified breaches or attacks in the last 12 months, more are experiencing these issues at least once a week in 2020 (32% v. 22% in 2017).
The nature of cyber attacks has also changed since 2017. Over this period, there has been, among those identifying any breaches or attacks, a rise in businesses experiencing phishing attacks (from 72% to 86%).
So the threat to staff, customers and others you’re in contact with is very real.
Here are some of the things you can do:
At Epoq IT, we forge long-term working relationships with businesses so that their IT systems make them stable, competitive and able to grow. We can help you, too, with a complete solution for your IT, including cast-iron cybersecurity.
Written by James Clark
I focus on continuous improvement to the way IT Service Management is delivered to many SME clients. I’m enthusiastic about enhancing the efficiency of IT processes to support business objectives.