We all hear about cyber threats and hacks virtually every day and most of the time there’s alot of technical jargon involved. I’ve
written this article to explain what some of the most common types of threats are and what you need to look out for.
There are a number of ways that you and your business are at risk from cyber threats. Three of the most common include –
Brand-jacking/Credential Harvesting –
Scenario –
- Usually done initially through an email
- Fools victim into thinking that email is legitimate
- Pretending to be a reputable company like Microsoft or a bank or well-known business
- Directs victim to a very real looking log-in screen (which is fake)
- Asks victim for username and password for that website to enable them to log in.
- Once this has been entered, scammer has victims credentials and has full access to victims account.
Tips –
- Check language very carefully in emails – Dear customer, dear <email address> are red flags
- Check the senders email address to ensure that they are who they say they are.
- Hover over the link in your email to check the web address to see if it is legitimate
- Use a URL scan to check if there is record of the web-site being malicious or spam – https://www.virustotal.com
- If you do click on link – check that the website address is legitimate and again it is who they say they are.
- Set-up additional security for yourself on critical web-sites and services. This could include multi-factor or two-factor authentication.
- If in doubt, don’t click on it. Ask your IT
Spam Emails Containing Malware
Scenario –
- Comes in an email with an attachment or link
- Fools victim into thinking that email is legitimate
- Pretending to be a reputable company
- Directs victim to open file or click on link
- Once victim performs action, malicious payload is installed onto the computer
- Most common type is crypto/ransomware which encrypts all files on computer and spreads to network. Only recovery is from backup. Other
malicious software can include key loggers which steal credentials. - Some businesses take decision to pay ransom which is a huge risk.
Tips –
- Check language very carefully in emails – Dear customer, dear <email address> are red flags
- Check the senders email address to ensure that they are who they say they are.
- If there is a link – hover over the link in your email to check the web address to see if it is legitimate.
- Use a URL scan to check if there is record of the web-site being malicious or spam – https://www.virustotal.com
- If there is an attachment, what is it called? Does it have a generic name like invoice.pdf etc
- If you do click on link – check that the website address is legitimate and again it is who they say they are.
- Set-up additional security for yourself on critical web-sites and services. This could include multi-factor or two-factor authentication.
- If in doubt, don’t click on it. Ask your IT.
Brute Force Hacking –
Scenario –
- Usually performed by a skilled ‘hacker’
- Targets businesses with perceived poor security
- Usually doesn’t involve user/staff interaction
- Targets poor passwords or ‘back-doors’ to provide access to the business computer network or business application.
- Once inside the network or application hackers can steal information, install malicious software and cause major disruption.
Tips –
- Ensure that password policies have been set-up properly for all staff.
- Ensure no accounts are set with non-expiring passwords.
- Provide staff with access to what they need, not what they want.
- Ensure your external network security is strong.
- Set up additional security for business applications including multi-factor authentication.
- Ensure that security alerts are set up so that your IT knows when there are hacking attempts.
- Get an expert to perform regular reviews of your cyber security.
As I’ve talked about numerous times there are precautions you and your business can put in place to help prevent the majority of cyber
threats from impacting you. These include –
- Install suitable end-point security software on all computers and servers
- Install a security firewall to protect your network
- Install an email anti-spam and email security solution
- Set-up password policies and configure complex passwords
- Configure multi-factor authentication where you can
- Educate and raise awareness of threats
- Take out cyber insurance
If you’d like any further information or assistance with your cyber security please call us on 1300
478 738
or email us at info@suretyit.com.au
<s”am
