21 Oct Knowing Your Cyber Threats

In the modern world we live in cyber security should be one of your biggest business concerns. Some business owners are under the impression that because they aren’t a massive multinational conglomerate, with yearly profits in the millions, they won’t be of any interest to cyber criminals, but they couldn’t be more wrong. Cyber criminals are opportunistic. Of course, like anyone, they want to get the highest possible return for their efforts – but being a smaller business and having a lower turnover than your competition doesn’t mean you are immune or overlooked.

Being a smaller business actually puts you higher on the radar of cyber criminals in some cases as they know that your security measures are likely to be less equipped in comparison to your larger counterparts. Unfortunately, guaranteeing cyber safety is impossible – but there are some things you can do to make it as hard as possible for cyber criminals to attack your systems successfully.

In the remainder of this article, and the one following, we will explore the potential threats to your systems, why they should concern you, and what to do to stop any attempted attack in its tracks before it has the chance to cause business-defining damage to your systems.

Let’s explore the elements of cyber security that are influenced more by your users – otherwise known as your ‘Human Firewall’ – as opposed to you as a manager.

Cyber threats, why they should worry you, and what can be done to stop them

Phishing

Cyber criminals often use Phishing attacks. A Phishing attack requires the cyber criminal to take on a false identity in order to lull their target into a false sense of security, in turn granting them access to sensitive information, such as bank details or passwords. The most common way to perform a Phishing scam is via email but other methods include website links, text messages (known as Smishing), and phone calls (known as Vishing). The popularity of this method likely stems from the variety of different ways that the attack can be carried out.

They are trying to make the recipient believe not only that the message is legitimate but also that the source it comes from is too. They then evoke a sense of urgency intending to force the recipient into replying quickly with little forethought of the consequences of their actions – they often pose as an employer or the recipient’s bank to gain this trust.

Protect yourself against Phishing attacks

Considering the damage they can do if successful, Phishing attacks aren’t difficult to defend against – if you know what you are looking for and stay alert at all times. Let’s list some of the ways you can tell whether a website, email, or link has come from a legitimate source, or whether it is a cyber criminal trying their luck.

1. Stay alert! Dissect URL redirects – first verify the URL of the new site against what you know to be the legitimate one.

2. If it doesn’t feel right, it probably isn’t! Never reply to an email that even remotely feels suspicious. Send a new email to the individual or business in question using trusted contact information you already hold for them you will be able to tell from the reply whether the other one is actually from the claimed source.

3. Use the privacy settings provided on social media to keep personal information hidden. Don’t make your address, phone number or even things like your friends list available to anyone – the more guarded you are with your information the less likely it will be used against you.

4. Use anti-phishing software. These software programs are widely available. They aim to prevent users from accessing malicious links and websites by activating pop-up warnings and preventing malicious emails from ever even reaching you.

The long and short of defending your systems against Phishing attacks is to THINK! As we said, if it doesn’t feel right, it probably isn’t! Think before you act!

Ransomware

Ransomware is a form of Malware, which disables or encrypts the files on your system, in the process granting the cyber criminal full ownership of your data. They will then demand a ransom in return for giving your access back.

Cyber criminals will again evoke a feeling of urgency by placing time limits on payments under the threat of deletion – this often forces the hand of many to act instantly, without forethought.

You can’t blame business owners for granting the cyber criminals’ wish and simply paying the demanded fee, as highly stressful situations make people act quickly for a rapid resolution. Unfortunately, once having paid them there is no guarantee that you will have your data restored. Think about it – they are criminals – are you really going to trust them? To add insult to injury, doing as they say in fact makes it more likely that you will be attacked again, because by doing so you advertise not just your ability to pay financially but also your willingness to do so.

Protect yourself against Ransomware attacks

Cyber criminals are increasingly using Ransomware as their preferred method of attack. According to Cognyte research, 1,097 organizations were hit by Ransomware attacks in the first half of 2021. In contrast, their 2020 report found 1,112 Ransomware attacks for the entire year ¹  This is due to its high success rate in terms of pay-outs. As the old adage goes, prevention is better than cure, and this is true for Ransomware. Remember that you cannot ever guarantee that your systems won’t be attacked. Let’s look at some considerations you can make to be sure that you have the best preventative measures in place which are capable of keeping your files out of the hands of cyber criminals.

1. Ensure that your system and software are operating on the latest model. Cyber criminals are usually tech savvy – they have the ability to exploit the weaknesses in your out-of-date and poorly maintained technology.

2. Be wary of email attachments and embedded links. Don’t – under any circumstances – open any attachments or links unless you are 100% confident that the source is a legitimate one! Ransomware is similar to Phishing as the criminal performing the attack will use persuasive language to tempt you into acting in the way they wish, so it is always best to stay calm and always be cautious.

3. Never pay them! This is the biggest rule of all! Yes, the pressure to pay can be great and the way the criminal speaks may make it seem like they are genuine and that they will give you your access back once you have paid – but, as we have previously said, payment is no guarantee that you will be allowed to regain control.

4. Use Cloud services wherever possible. Not only do Cloud services increase the capabilities of your system but they also limit the opportunity for Ransomware to gain entry into your system.

Familiarising yourself and your team with some of the most common ways that cyber criminals attack your business will put you in good stead to a more secure future. In the following article we will be looking at what your role as management is when considering the protection of your systems.

Cyber security guaranteed

Since our conception back in 2005, we at Vostron have operated under a series of predetermined guiding principles, agility, people, and approachability. With those principles adopted wholeheartedly throughout everything that we do, along with our progressive approach in helping our clients to achieve their business goals in the most cost-effective and secure way possible, we are proud to say that we have earned the trust of a loyal customer base across the UK (from our home in Southampton).

Please don’t hesitate to get in contact to find out how we can help you!