Current Cyber Threats – What You Need To Know

penetration testing

 

 

We all hear about cyber threats and hacks virtually every day and most of the time there’s alot of technical jargon involved.  I’ve
written this article to explain what some of the most common types of threats are and what you need to look out for.

There are a number of ways that you and your business are at risk from cyber threats.  Three of the most common include –

Brand-jacking/Credential Harvesting –

Scenario –

  • Usually done initially through an email
  • Fools victim into thinking that email is legitimate
  • Pretending to be a reputable company like Microsoft or a bank or well-known business
  • Directs victim to a very real looking log-in screen (which is fake)
  • Asks victim for username and password for that website to enable them to log in.
  • Once this has been entered, scammer has victims credentials and has full access to victims account.

Tips –

  • Check language very carefully in emails – Dear customer, dear <email address> are red flags
  • Check the senders email address to ensure that they are who they say they are.
  • Hover over the link in your email to check the web address to see if it is legitimate
  • Use a URL scan to check if there is record of the web-site being malicious or spam – https://www.virustotal.com
  • If you do click on link – check that the website address is legitimate and again it is who they say they are.
  • Set-up additional security for yourself on critical web-sites and services.  This could include multi-factor or two-factor authentication.
  • If in doubt, don’t click on it.  Ask your IT

 

Spam Emails Containing Malware

Scenario –

  • Comes in an email with an attachment or link
  • Fools victim into thinking that email is legitimate
  • Pretending to be a reputable company
  • Directs victim to open file or click on link
  • Once victim performs action, malicious payload is installed onto the computer
  • Most common type is crypto/ransomware which encrypts all files on computer and spreads to network.  Only recovery is from backup.  Other
    malicious software can include key loggers which steal credentials.
  • Some businesses take decision to pay ransom which is a huge risk.

Tips –

  • Check language very carefully in emails – Dear customer, dear <email address> are red flags
  • Check the senders email address to ensure that they are who they say they are.
  • If there is a link – hover over the link in your email to check the web address to see if it is legitimate.
  • Use a URL scan to check if there is record of the web-site being malicious or spam – https://www.virustotal.com
  • If there is an attachment, what is it called?  Does it have a generic name like invoice.pdf etc
  • If you do click on link – check that the website address is legitimate and again it is who they say they are.
  • Set-up additional security for yourself on critical web-sites and services.  This could include multi-factor or two-factor authentication.
  • If in doubt, don’t click on it.  Ask your IT.

 

Brute Force Hacking –

Scenario –

  • Usually performed by a skilled ‘hacker’
  • Targets businesses with perceived poor security
  • Usually doesn’t involve user/staff interaction
  • Targets poor passwords or ‘back-doors’ to provide access to the business computer network or business application.
  • Once inside the network or application hackers can steal information, install malicious software and cause major disruption.

Tips –

  • Ensure that password policies have been set-up properly for all staff.
  • Ensure no accounts are set with non-expiring passwords.
  • Provide staff with access to what they need, not what they want.
  • Ensure your external network security is strong.
  • Set up additional security for business applications including multi-factor authentication.
  • Ensure that security alerts are set up so that your IT knows when there are hacking attempts.
  • Get an expert to perform regular reviews of your cyber security.

As I’ve talked about numerous times there are precautions you and your business can put in place to help prevent the majority of cyber
threats from impacting you.  These include –

  • Install suitable end-point security software on all computers and servers
  • Install a security firewall to protect your network
  • Install an email anti-spam and email security solution
  • Set-up password policies and configure complex passwords
  • Configure multi-factor authentication where you can
  • Educate and raise awareness of threats
  • Take out cyber insurance

 

If you’d like any further information or assistance with your cyber security please call us on 1300
478 738

or email us at 
info@suretyit.com.au


<s”am

Find out how we can help with your IT challenges.
Talk to us today 1300 478 738 or Email

Subscribe for the latest industry news, updates and advice.

About the author:

Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing.His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow.After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need.His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder.His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top