Here at Practical Networks, one of our primary aims is to provide you and your business ongoing awareness and recommendation of the necessary cyber defences needed to attempt to stay ahead of cyber criminals.
In this blog we’ll discuss how to stay protected, some of the main threats out there and how you should protect yourself. As always, our recommendation is avoiding complacency and never think it won’t happen to you. Hacking and scamming was big business in 2018 and revenue generated will continue to grow in 2019 to multi billion pound levels. You and your business need to constantly evolve your IT security and defence strategies to reduce your risk.
Start with the Basics!
As IT security specialists, we recommend to any business to start with the basics. The recommendations should be a given for any business large or small:
- Always AVOID using simple passwords and change your passwords on a regular basis
- NEVER use the same passwords and NEVER share your passwords with anyone
- Change ALL default administrator passwords on PC’s, servers, routers, firewalls ,wifi access points etc
- Keep ALL your operating systems and applications patched and up to date with the latest versions
- Have up to date business class anti-virus, anti-malware and anti-ransomware protection
- Deploy dedicated firewalls to help protect your internal network from internet attacks
- Have tested, working backups including offsite backups.
- Stay mindful and ALWAYS practice distrust of unknown emails, messages, files and links.
- Human element will always be a risk
Ransomware threat is very real.
Malware is extremely lucrative business for our not so friendly cyber criminals, however ransomware revenue has decreased slightly recently. This is purely down to business being more aware and reducing risks by investing in quality, proven end point protection and backup solutions that mitigate the impact of a ransomware hit. Saying this, there were still plenty of high-profile ransomware and data theft events which is why IT cyber security should be the number one focus for all business.
There are still large amounts of money in ransomware infections and it’s predicted that impacts will be reduced in 2019 but there are still many companies running poor IT security that makes ransomware very profitable.
Recommendation: Invest in anti-virus/malware and anti-ransomware solutions such as Heimdal Security and have a proven and tested backup solution.
Phishing emails have been around for a number of years but hackers are now using more innovative methods to steal your credentials by sending out mass emails with legitimate looking logos in attempt to fish out your sensitive information. It’s expected that phishing attacks will rise sharply in 2019 and campaigns become more sophisticated into tricking into supplying your information. Expect targeted campaigns where a hacker will send out documents that look like government advice dealing with Brexit for example, but really, you’re downloading and infecting your network with malware.
Recommendation: Confirm your email service is protected with anti-phishing detection services such as Email Laundry which detect, block and delete phishing and suspect emails.
CEO Fraud is a scam in which cybercriminals spoof company email accounts and impersonate executives in an attempt to fool a gullible employee usually in accounts or HR, authorising bank or wire transfers of money, large and small to scammers accounts. These scammers pressure your employees into acting quickly, without thinking and can even involve telephone calls to make the request seem even more real.
Fraudsters use publicly available corporate data gleaned from the internet to make emails as convincing as possible. By using social network sites such as Linked for example, a scammer can find out who the bosses or senior financial officers are very easily and quickly.
Examples of CEO Fraud:
- A scammer poses as an executive of a company instructing staff to make a payment into the scammers account – usually by email or telephone request.
- Fraudsters pose as the IT department of a bank stating they want to make a test transfer but really its not a test
- Supplier invoices are obtained and requests for invoice payments are made to a new bank account
- Employees click on links within phishing emails installing malware which authorise small payments to the scammers account.
Recommendation: Make all your users more security aware, test their ability to be duped and train if there is a knowledge shortfall while confirming your email security protects against CEO fraud emails.
We hope this blog has raised your awareness of cyber security and highlighted some of the more common threats happening today. If you believe you could be at risk and want more information on the security products and services we recommend please call us on 01723 587240 or email firstname.lastname@example.org