What does “IT Solutions Provider” mean to you? Coming from me, it may seem like an odd question,...
It's almost unfathomable to think of a world where we are not connected to one or multiple devices at the same time. From our mobile device, tablets to laptops to in-car systems like Apple CarPlay or Android Auto, we are always-on. But the convenience of connectivity increases potential attack vectors and opens companies to increased cybersecurity threats. That's why you need a robust solution that strengthens your technology and helps prevent cyber attacks on your company, now.
For individuals, ensuring every account has a unique, strong password, enabling multi-factor authentication and using up to date antivirus software are three quick tactics to increase your data protection. For companies, guarding access to your company's sensitive information requires a more comprehensive network security plan that factors in all potential attack vectors to provide the highest level of endpoint protection. While we strongly encourage companies to partner with an IT Security team that can strengthen their technology and simplify their security, the process doesn't happen overnight, and with cyber attacks constantly on the rise, you need something that helps now.
The fastest way to secure your company against cyber attacks is to identify and address the number one most successful attack vector: our everyday email.
From general Phishing to highly targeted social engineering campaigns, malicious actors target users at every level of technical competency to great effect. By using malicious email as the door for viruses, malware, ransomware or the more subtle Advanced Persistent Threats, cyber attackers can bring companies to their knees.
Now you may be asking, "don't most email services provide security filtering?"
Filtering, yes. "Security" would be a generous word.
Most email providers or programs have a level of "filtering" that essentially labels and sorts emails into separate categories like “Junk Mail”, “Clutter” or “Quarantine”. The filters search message header information for evidence malicious intent, compare the sending address to a blacklist of known spammers, and label and sort accordingly.
This offers a low level of protection as most people open their Junk Mail for one of two reasons: to search for an expected email that isn't in their inbox (like a password reset email, booking confirmation or the 'welcome' email from a new subscription like Movaci's eNewsletter), or to delete everything in it.
In that regard, filters offer some level of protection against obvious threats. However, virtually all built-in filters use the same protocols, meaning if a malicious actor can bypass these protocols, they walk right into your inbox. The verdict for email filters? They're useful in managing the volume of email we get on a daily basis, but entrusting one's security to the filters alone could be a costly mistake, as they don't filter out real threats.
The “real threats” we’re referring to are the seemingly harmless emails which are skilfully crafted to make it to your inbox and convince you or your staff to open them and their attachments or links. We get so many obvious advertisements and potential scams that we think that we all can pretty much tell the good ones from the bad. However, cyber criminals are not so dumb as to only prey on the overly gullible. They’ll take the low-hanging fruit with junk emails easy-to-spot junk emails, but they don’t stop there.
Real threats are malicious emails which are clean enough to bypass your built-in filter, and look authentic enough that you won't simply delete them yourself.
HOW TO IDENTIFY COMMON CYBER THREATS
To help identify these real threats, let's define them.
Phishing Emails.
Phishing is the term used to describe an attempt to get you to give or input sensitive information in order to steal valuable assets.
This typically comes in the form of an email either asking for you to reply with sensitive information such as such as passwords, banking, or personal ID info. Many times, providing you a link to a fake website that looks like a legitimate bank or other agency or service you use and asks you to login, reset your password, or fill out some kind of form that submits the information to them. They can then use this info to gain access to your actual banking or other accounts and property.
Spear Phishing Emails.
Spear phishing is a form of cyber attack that specifically targets the victim instead of just random people.
Spear phishing is a tailored attack which may use specific names and details about the target to make the scam more convincing. Whereas a phishing attack may come from "a" bank, a spear phishing email would look like it came from your bank.
Spoofing
Spoofing is when a malicious person pretends to be someone else by faking their “sent by” or “return” email address.
They do this to gain your trust and ultimately use that trust to scam you in some way. People are far more likely to go along with an offer from who they think is a friend or trusted contact than a complete stranger.
Ransomware
A ransomware attack is when a hacker uses a computer virus or malware to lock up your computer and all its data until you pay the cyber criminal what they demand.
Ransomware can find its way onto your computer in all usual ways including email attachments, unsecure links, file downloads, external and handy drives, etc. Ransomware has grown in popularity with cyber criminals and is a common threat for all types of organizations and individuals.
The tips above are helpful in avoiding ransomware, and you can further strengthen yourself by ensuring you have secure, cloud-based backups of your data, passwords, personal identification and important documents.
Advanced Persistent Threat
Advanced Persistent Threat is a kind of cyber attack where a hacker gains access to your system and covertly uses your system toward their own ends.
Rather than locking you out or destroying your computer systems or data, the hacker instead may steal or harvest your sensitive data for nefarious use, spy on your activities, and possibly use your system to carry out their cyber crime with you being left unaware of the data breach and seemingly unaffected in your daily life. They infection method is usually a virus, so guarding your email is the fastest way to secure your company against APTs.
HOW TO ADDRESS COMMON CYBER THREATS
Now that you know the common threats, here are some practical tips you and your staff can use today to up your game and quickly strengthen your company to prevent cyber attacks.
- Always verify who sent the email.
An email, its subject, and content may look just like one you would normally expect to get, but that doesn't mean it is. Cyber criminals and hackers will go as far as registering a domain name that looks official or even something similar to a company they’re trying to imitate, for instance, Microsoft.com (real) vs. Microsoft.com.xyz (fake example). On quick glance, it might seem legit, but look closer and you might see something suspicious that could be a cyber threat.
To strengthen yourself against spoofing, pay attention to the "subject" line of the email and the content. If it seems "off" double-check the sender's email address and the header info of the email.
If you are not certain the email is from who is says it is, contact them through a different communication channel to verify.
- Don’t open links or attachments you are not certain about.
Even if the email sender seems legit to you, that does not mean that the address hasn’t been spoofed, or that the sender themselves hasn’t been hacked and their email hijacked.
When in doubt over an unexpected email, it is best to confirm using other sources such as saved links instead of the ones in the email, internet searches to find what they are referring to on your own, or even contacting the sender by phone or alternative contact to verify important information.
Time and time again, people have been tricked into things such as logging into fake vendor websites, exposing their password credentials, or getting a virus from opening what they thought was something as simple as a PO, credit note, or catalogue.
Whenever possible, preview the link to verify the page it will direct you to, and if you are ever uncertain just open your web browser of choice and login directly to the actual page. One extra step could save you or your business a data breach and avoid world of hurt.
- Use secure email services.
All email services are not the same. Some provide spam filtering. Some provide virus scanning. Some provide inbound and outbound encryption along with a host of other services and features for security and convenience. Movaci can help you get the most out of your current email service by correctly managing all the online and local inbox settings, or provide an upgrade if you need something more robust than you already have. With Secure Email from Movaci you are ensured:
- Your inbox locked-down.
Two-layer SPAM and antivirus filters protect your. - Your data stays secure and private in transit.
Complete privacy protection for sent and received emails through Transport Layer Security (TLS) encryption. - A comprehensive secure email communication solution for individuals and organizations.
HOW TO AVOID COMMON CYBER THREATS
With how much we all rely on email, it is very important that we take its security seriously and be mindful of the ways in which we can be duped by the ever-growing number of cyber criminals and not only made a fool of, but also incur significant losses for ourselves and our businesses. Luckily, there are resources online and through Movaci that you can take advantage of to help secure this all-too-often exploited channel of communication.
If you're ready to launch the fastest way to secure your company against cyber attacks, start by implementing our helpful tips, and continue by getting in touch with Mike for a free 30-minute consult to help strengthen your technology and simplify your security.
Until next time,
Christopher M, CEO
Follow us on:
Book a FREE 30-MINUTE Consultation with Mike
To keep to date with the latest news and trends in cybersecurity, sign up for our eNewsletter.
