Net Platforms


Knowing your cyber threats – The influence of users

The rate of growth in the frequency and severity of cyber threats should be alarming to businesses across the world, especially since only 50% of small businesses report having a cyber security plan in place. An Accenture report found that companies experienced a 31% increase in cyber-attacks in 2021, compared to the previous year. Many of these threats start with users, who form an important security perimeter for businesses. In this piece, we look at cyber threats from a user perspective.  

Being small does not exempt small businesses from cyber threats. In fact, smaller enterprises are often viewed as ‘quick wins’ by cybercriminals, due to their tendency to neglect their cyber defences. Business DIT pooled data from several sources and found that an average of 46.73% of small businesses experience cyber attacks. For this reason, educating and empowering your team to be cyber security aware will prove crucial for your business.  

Let’s take a look at the user-influenced side of cyber security – known as the Human Firewall. 

 

Phishing  

Phishing attacks are one of the most common forms of cyber-attack. A Phishing attack is where a cybercriminal takes on a false identity in order to deceive users in an organisation into handing over login information, revealing sensitive information, or triggering an illicit payment.

The impersonation of a trusted person, whether it’s a manager or a client, gives a sense of security. It is this sense of security which leads the recipient to grant the cybercriminal access to sensitive information (such as bank details or passwords). Phishing scams are most commonly performed via email, but there are other methods, including text messages (known as Smishing) and phone calls (known as Vishing). Phishing scams are among the most popular methods used by cybercriminals, and they represent the most effective vehicle for malware transmission in the UK.

All forms of Phishing attack are carried out in the same way. The aim is always to create a false sense of security, and even trust, so that the recipient follows instructions. The cybercriminal wants the recipient to believe that both the message and the source are legitimate. They then create a sense of urgency to make the recipient react on impulse and in panic, often by posing as an employer or the recipient’s bank to gain this trust. If what appeared to be your bank emailed you claiming that you have 5 minutes to change your online banking password or you’ll be locked out, you are more likely to click the link.

If the deception is successful, the recipient can inadvertently release malware that was contained in the link or attachments. Some even reply to the message, thereby opening a whole new problem for themselves – doing this can open the doors to your entire system, disclosing sensitive information, account details, or passwords. 

 

Phishing attacks – Protect yourself 

Given the potentially business-crippling consequences of a successful attack, you would think that phishing attacks would be hard to defend against. However, they aren’t, since most are fairly rudimentary in nature, relying on simple deception with no underlying technical sophistication. By remaining vigilant and understanding the hallmarks of the phishing scammer, your business will be well prepared to thwart even the most elaborate phishing campaign. Here are 3 key ways to prevent your business falling victim to a phishing scam:

 

  1. Always stay vigilant: It should become common practice to verify the information (e.g. email address, links etc.) of the potentially impersonated person against records you already have. Be careful not to click on any links as they could be dangerous. Look out for missing details, mistakes in spelling and grammar, and discrepancies in the tone of the message.
  2. Follow your gut: Never reply to an email that even remotely fills you with suspicion. Find the trusted URL or details that you have on record for the potentially impersonated person and, if you’re still unsure, contact the individual or business on those trusted details to verify the message and the contact details it came from.
  3. Make your accounts secure: Some working platforms such as Microsoft Outlook have intelligent algorithms that respond to your feedback. Take care to train them by marking suspicious communications as spam. Take care that your information is not publicly available online, as cyber attackers can trawl the web, source these details, and use them for their phishing campaigns.

Defending your systems against Phishing attacks isn’t hard. It always comes back to one key point – be alert and think!  
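The checks from the first tip can also be run mechanically. The sketch below is an added example, not part of the original article: it compares a message's sender against details already on record and flags links whose displayed address differs from where they actually lead. The contact list, domains and sample message are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed record of contact details the business already holds.
TRUSTED_CONTACTS = {"Jane Smith": "jane.smith@example-bank.co.uk"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw):
    """Return a list of reasons to distrust the message (empty if none)."""
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    on_record = TRUSTED_CONTACTS.get(name)
    if on_record is None:
        findings.append(f"sender {name or addr!r} is not in our records")
    elif addr.lower() != on_record.lower():
        findings.append(f"{name!r} wrote from {addr}, record says {on_record}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        # Compare the host the link displays with the host it opens.
        shown = urlparse(text if "//" in text else "//" + text).hostname
        actual = urlparse(href).hostname
        if shown and "." in shown and " " not in shown and shown != actual:
            findings.append(f"link shows {shown} but opens {actual}")
    return findings

# Constructed sample: look-alike domain (digit 1 for letter l) plus urgency.
SAMPLE = """From: Jane Smith <jane.smith@examp1e-bank.co.uk>
Subject: Urgent: change your password within 5 minutes
Content-Type: text/html

<a href="http://login.examp1e-bank.co.uk/reset">www.example-bank.co.uk</a>
"""
```

Calling `check_message(SAMPLE)` returns two findings: the sender address does not match the record for that name, and the link text names a different host from the one it opens.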

 

Ransomware 

Ransomware is a form of malware; it works by disabling or encrypting the files on your system and in the process grants full ownership of your data to the cybercriminal. The cybercriminal will often have little or no interest in using your data, but simply threatens to delete it or sell it on the dark web unless they get a ransom; in return for payment, they will claim to return your access and the data.  

As with phishing, the cybercriminal will try to evoke a feeling of urgency in the recipient, and does this by placing a time limit on the ransom – if it is not paid, they claim they will delete your data. This sense of urgency often pressures users to do as they are told before they have had time to think about the right course of action.

It can be tempting under this pressure to pay, but paying doesn’t guarantee that everything is going to be alright. In fact, it is likely to have the opposite effect. There is simply no guarantee that your access and data will be returned, and giving in once can cause the same incident to happen again and again, because it shows your willingness to pay and your ability to do so.

 

Ransomware attacks – Protect yourself  

Ransomware is quickly becoming the cyber criminal’s weapon of choice. This is probably due to its very high success rate in terms of payouts. Unfortunately, as we mentioned earlier, you cannot guarantee that your systems won’t be attacked, but you can put preventative measures in place to rebuff attack attempts that come your way. Let’s look at some preventative measures you can practise to keep your files out of any cyber criminal’s grasp.

 

  1. Use the latest software versions: Cyber criminals are predominantly tech-savvy and have the ability to exploit the weaknesses in out-of-date and poorly maintained technology.
  2. Don’t blindly trust email attachments and links: Under no circumstances should you open any attachments or links until you are certain that the source is a legitimate one! Ransomware attacks often use phishing emails as the vector of transmission, with all that entails – the cybercriminal will use persuasive language to tempt you into behaving the way they want you to. Exercise caution, and if in any doubt at all do not open that email attachment.
  3. Affected by malware? Do not pay: We understand, the pressure can get too much, and the cyber criminals sound genuine. They are going to give it back, right? Wrong! As we have previously said, payment is no guarantee that your files will be returned, or your system access restored. In fact, complying with the attacker’s request could mark your business as a soft target, leaving you vulnerable to further persistent ransomware attacks.

In the following article we will be looking at cyber threats from the role of management, and what their role is when considering the protection of your systems. 

 

NetPlatforms – Ensuring you can achieve value from your technology 

Using IT tools correctly can unlock value, security and growth for your business. You have the power to revolutionise the way your organisation produces work whilst keeping it secure from cyber threats. We can ensure that you implement the right tools, use them correctly, and plan for the future. Our success can be attributed to one thing: TRUST. Ever since our very first year in business, our clients have been happy to recommend us to other businesses, and we have grown steadily thanks to the words of our clients. We can truly help you to get the best from your IT in the most secure way possible. Don’t hesitate – contact us now!