Cyber crime isn’t going away. Security threats are constantly evolving to evade detection, so it can feel like a constant challenge for a business to protect itself. Having a proactive maintenance and monitoring plan in place and conducting good user training is a solid defence strategy, but it’s also helpful to know what the latest threats look like.
Phishing emails not detected as spam are becoming increasingly common. If something comes through as a ‘normal’ email, it appears genuine – but this isn’t always the case. Anything asking you to click on a link within an email should be treated with caution. Even if the email is disguising itself as one from your bank or a credible existing supplier, do not risk it. If in doubt, call them and ask whether they sent the email. Chances are, they didn’t, and this is just the latest scam by criminals intent on stealing data and money from businesses.
At the opposite end of the spectrum are less sophisticated email scams. There has been a marked increase in unknown senders issuing abusive emails to recipients in an attempt to get a response. It could be tempting to respond in irritation, but the best thing to do is simply ignore them.
Ransomware is also becoming an even more prevalent form of malware (software created with malicious intent). Ransomware holds data to ransom, demanding a fee to release it, and includes the infamous ‘Cryptolocker’ and ‘Game Over Zeus’ viruses. We recommend businesses mitigate the risks of a ransomware attack by saving their files in the cloud rather than on the desktop itself, for example in OneDrive, SharePoint or Google Drive. Use the business versions of cloud storage and pay for storage to ensure protection/encryption, and avoid using free software like Dropbox unless you have enterprise security. Antivirus and monitoring software is also essential to prevent the latest ransomware threat from sitting on your machine and encrypting data, so always ensure this is up to date.
Password attacks
Many people don’t realise there are different means of ‘password attack’: a brute-force attack, which involves guessing at passwords until the hacker gets in; a dictionary attack, which uses a programme to try different combinations of dictionary words; and keylogging, which tracks all of a user’s keystrokes, including login IDs and passwords. Strong passwords are key – minimum eight characters, alpha-numeric and with a character like a full stop or exclamation mark. Don’t use the same passwords for everything, and try to avoid ‘remember password’ where you can, as it just makes it easier for someone to log in if your device is lost or stolen.
There is plenty of evidence that attacks on small businesses are increasing, including an extensive report from security firm Symantec conducted last year. Criminals often see SMEs as a soft target, as they are expected to have less security than a blue chip company whilst sitting on data they may not recognise as valuable. Make sure you don’t get caught out by ever-evolving threats by committing to ongoing review of your security measures. Look at your policies regularly, check the software you have is the best and most up to date, and in short, make cyber security a business priority.
Andy Hinxman is founder of Keybridge IT Solutions.