Cyber-criminals are always finding new ways to catch businesses out and gain access to their valuable data. They are evolving all the time, trying new tactics and becoming more sophisticated in their approach.
Also, with more remote working and us all relying on technology a little more than usual, cyber-criminals are using tactics that look to exploit this way of working. Therefore, to help educate and protect businesses we have outlined some of the more inventive tactics that cyber-criminals are now using, so you can keep your business safe.
Phishing Emails & Texts
These look like they are coming from an established company, such as Microsoft, PayPal or Amazon, even using their logos and brand colours, but they’re not. These usually ask you to validate your account by clicking on a link, logging in and inputting your details. If you do, then a cyber-criminal will now have your details and can use them to access your accounts. If you are unsure, check with your IT team or consultant.
This is a targeted version of the above. They often look more convincing and are specifically aimed at an organisation or department. Usually, these will have company specific details or appear more relevant to your industry or sector. This targeted approach often leads to more people falling for them. So, if in doubt report them to your IT team to make sure they are legitimate.
Impersonation is literally just that. When emails, text messages and, in some cases phone calls appear to be from a colleague when they are not. A common example of this is when an email is from a director, senior manager or even an external supplier who you work with regularly. Most of these are asking for something to be done urgently, such as a bank transfer or access to a payment. A good rule of thumb is not to react, rather validate the request face to face or with a phone call to make sure it is genuine.
This follows on from impersonation, but rather committing the cyber-attack online, this flows over into real life. Social engineering is where someone attempts to con someone within the business to gain access to the office environment or your data. This could take place when a member of your team receives an unexpected visitor who is asking for access to the server room, or someone getting a call pretending to be from the IT department and asking for a password to log in.
As with all security, think before you react. Don’t assume any unusual email or request is genuine. Always try to double-check with someone that a request is legitimate. Your IT team or IT Consultant should be able to help if you are unsure. Better safe than sorry.
Greystone: Making sense of IT and software solutions.