Online security threats & how to protect your business from them
Cyber criminals are continually coming up with newer more sophisticated ways of attacking businesses, which can make it hard to stay protected from the latest threats.
The role of the web in running a business is also increasing, giving criminals more potential targets. According to 2017’s Cyber Security Breaches Survey, 85% of businesses now have websites, 59% have social media pages and 61% hold personal customer data electronically.
The survey found that nearly half of all UK businesses were hit by a cyber attack in the past year. The consequences of such attacks ranged from websites being taken down and software being corrupted, to loss of access to third party systems the businesses relied on.
While there are numerous types of online attacks, I have detailed below some of the most common ones your business needs to be protected from.
Ransomware
The cyber attack on the NHS in May brought ransomware to the attention of many people, who may previously never have heard of it.
Such attacks either completely lock users out of their computers, or encrypt their information, and demand payment in order to restore access.
For the attackers to gain access to your system, someone usually needs to download an infected attachment, or click on a link.
How to protect yourself
To begin with, employees need to be taught to be wary about emails from senders they don’t recognise.
It’s impossible to guarantee you’ll never fall victim to such an attack, so you also need to back up your data. This means you won’t have to experience significant downtime, which can affect your business operations.
Phishing
Phishing attacks send out emails designed to trick the sender into revealing sensitive information, such as passwords or personal details. Criminals then use these details for further crimes, like identity theft.
Fraudulent emails are the most common type of attack experienced by businesses in the UK.
How to protect yourself
Employees need to be educated about the risk of sharing sensitive information online.
Rather than calling the phone number given in such emails, or clicking the web address, it is best to find out such information yourself to ensure it is legitimate.
Whaling Attacks
Unlike other attacks which target users en masse, whaling or CEO fraud is designed to hit specific companies. The attackers spend time researching their victim and gathering information they can easily find online. They use the information to impersonate senior executives at companies and send out emails in their name. They’ll then ask for large sums of money, or sensitive information.
How to protect yourself
Intelligent email security can be used to check if emails are from a genuine source.
Employees also need to learn to look out for tell-tale signs an email may not be genuine, such as a slight alteration in the format of the email address. Hackers sometimes simply add an extra symbol or letter to the real email address.
Sensitive requests should also be verified via another channel before they are authorised. Simply calling the email’s sender to confirm the request is enough to identify such attacks and prevent huge losses to your business.
Malware
Malware is an umbrella term for several types of attacks including viruses, worms and trojans.
Viruses can be sent via emails, or automatically downloaded when you visit an unsecure website. They replicate themselves and spread through computer networks where they cause damage to files, or even allow criminals to access your computer.
Worms exploit security vulnerabilities in operating systems and can give attackers the ability to remotely control your computer. They can do this to several computers, which they then use to create a network to carry out further attacks like distributed denial-of-service attacks. DDOS attacks are used to overwhelm websites and cause them to crash.
You may not know you’ve been infected with a worm or virus until your computer begins to slow down, or programs start to crash repeatedly. You can also be unwittingly infected by trojans which infect your computer by getting you to download software which appears to be legitimate.
How to protect yourself
Installing security updates and patches to operating systems and software is crucial to remaining protected from such attacks. Firewalls and anti-virus software can also be used to prevent criminals from infecting your computer.
If you’re unsure about a website, look for the HTTPS letters at the start of the URL, which indicates it meets certain security standards.
Password Attacks
Guessing passwords is another incredibly common way attackers can gain access to your business.
Password cracking software can be used to go through all the words in the dictionary and any common combinations. It can run through thousands of combinations in seconds, which means even if you only disclose partial information you’ll make their job easier.
How to protect yourself
Strong passwords need to make use of a combination of letters, numbers and symbols, which don’t make up a word, or use an obvious date like a birthday. A good way to set a strong password you’ll remember is to use the first letter of each word in a phrase.
Always change the default password you get for any system and limit the number of unsuccessful login attempts someone can make.
Security Essentials
Anti-viral software, firewalls and backing up data are just some of the fundamental security measures you need in place. In many cases, humans are the weakest link, so you can achieve a lot by training staff in cyber security.
The Government endorsed Cyber Essentials scheme is a great starting point as it addresses the most common online threats, which use widely available tools and require little skill.
To find out more visit Air-IT.
September 2017
September 2017