Phishing is the term used when cyber criminals use what appear to be legitimate web-based forms or links in emails sent to your inbox to get you to hand over confidential or personal information. Phishing can take the form of phone calls too, but they are more obvious.
Phishing emails can be highly targeted and easy to fall prey to. This is especially true if an email looks like it came from your line manager or a client you have recently been dealing with, and starts off with a relevant subject line.
Sometimes the links embedded in these emails are simply used to harvest or steal information from your business, in order to help prepare for a wider attack later. Other times these forms are designed to deliver payloads of executable files to your machine or your network, such as malware, which can then be devastating when activated within an unsuspecting or unprepared business.
Since lockdown we have learnt of a huge spike (an increase of over 300%) in phishing attempts made by criminals against businesses across North Wales. So we wanted to provide this piece as a timely warning and reminder for all businesses and followers of North Wales Social to take extra care online.
You have to remember that your data is very valuable, and whilst having some technology and tools in place will help you stay secure, the weakest link is usually the unsuspecting individual on the end of the phone line or typing on the keyboard. Criminals know this, so you need to be on your guard, and especially so during these challenging times. Timing is important too. Criminals often send urgent financial phishing emails to finance teams late on a Friday afternoon, when they know people are thinking of switching off for the weekend and their guard is at its lowest.
Here at Security Foundry we’ve heard about many organisations across North Wales who have had to let go or furlough some or all of their IT support teams, simply to try and stay in business.
This has happened at precisely the time when they are being subjected to much greater levels of attack from cyber criminals. This means more breaches are happening than ever before and more businesses here in North Wales are losing their data. Lost data can mean lost money, lost customers and loss of reputation.
Data breaches can take weeks or months to resolve, and this is precious time that many businesses simply do not have at present as they continue to fight to survive this ongoing crisis.
So we’d recommend you think about how quickly you’ve moved to a more mobile working environment over recent weeks, and what extra precautions you are now taking (or not) to ensure you are dealing with who you think you are dealing with on the other end of an email trail.
Chances are if you haven’t set up any additional security measures, it’s going to be simply a matter of time before you suffer your own attack or breach. Why wait for it to happen? Be proactive and prevent this from happening to your business. Fortunately, there are a number of things you can do right now and for free to help your business stay secure and protect your greatest assets – your data.
Firstly, if you have anti-spam and anti-virus technologies installed on your desktop or laptop – use them and remember to keep them updated. They are your first line of defence, and if you don’t keep them updated, they won’t help protect you from the latest types of attack, which are newly created every day. If you haven’t updated your anti-virus for months, or just forget to when it prompts you to, it basically means every new type of threat invented in the past few months will be automatically let in by your out-of-date anti-virus, which makes it effectively useless.
Secondly, use cloud-based technologies such as Office 365 to deliver your email if you can, rather than older Exchange-based systems. This is because Microsoft are adding new security features all the time to their cloud platforms, and not adding anything new to older on-premise Exchange systems.
And if you run Windows 10 on your machines, Microsoft provides basic but effective security technologies such as Windows Defender Antivirus and Ransomware protection, which give you basic protection on your machine, for free. Make sure you are using these.
Remember you need to actually click on the link from a suspected phishing email for it to do what it was intended for, and you need to share the information it might be requesting from you, so bear in mind that the user themselves is often regarded as the weakest link in cyber security.
Our advice regarding emails: if in any doubt, just delete.
In fact over 90% of all data breaches can be traced back to something an employee did at the start, usually by mistake and unintentionally – meaning you need to train your staff if you have a team, and change your behaviour if you haven’t given phishing a second thought until now.
We can offer you and your business cyber awareness training and simulation tools which measure how well you can stand up to phishing attempts today, and give you tools and recommendations to improve. Currently this service is available free of charge due to the coronavirus, so please use it (by following the safe link below):
https://www.securityfoundry.co.uk/free-phishing-security-test
If you have used the free tools but need some more advice on what you could do next, give us a call; we’d be happy to help. Simply call 01978 345247 or email us at our enquiry address: readytosecure@securityfoundry.co.uk