According to the latest Government statistics, 39% of UK businesses have identified a cyber-attack within the last twelve months. As a company, we take our online security extremely seriously and have invested a significant amount of money into staff training and new IT solutions, such as our Portal, to help minimise the risk to our clients.
The emphasis is (rightly) on companies to protect their clients. However, a recent example from one of our clients highlighted the importance of us all being aware of the potential threats cyber criminals pose, and taking the necessary precautions to ensure that we do not become a victim of cybercrime.
We work with Compex IT for all our IT and IT Security needs, and Director Mark Dodds has provided this helpful guidance regarding the threat of cybercrime and the practical steps you can take to protect yourself.
Identifying a Potential Threat
The most common way for a company or individual to become a victim of cybercrime is by a method known as phishing. Around 90% of data breaches occur as a result of phishing and around a third of phishing emails are opened, which shows that more can be done by individuals to ensure they are aware of the threat.
Phishing emails try to trick you into clicking a link, opening a file, or taking any action which causes harm. Attacks take several forms, each with a different way of trying to achieve a similar result.
- Most phishing emails are sent to thousands of people at random. An email might look like it’s from Amazon asking you to update your details, but the criminals have just thrown a lot of mud, hoping that some of it will stick.
- Spear phishing is more targeted. It might include your name in the greeting and look far more ‘authentic’ and personalised.
- Similarly, another more sophisticated method is a Business Email Compromise (BEC) attack. BEC attacks are usually targeted at a senior employee, or even the business owner, and try to trick them into transferring money or handing over sensitive information.
- CEO fraud is when a company executive or the business owner is impersonated in emails to colleagues or clients. This can involve email address impersonation – or spoofing – and the emails often request funds to be transferred. Attackers take time to study emails to get the right language and tone to convince the recipient that it’s a genuine email. MPA takes this threat very seriously and would never make such requests via email. If you receive such an email, please notify us immediately.
How to Spot Phishing
Whilst phishing emails can look authentic, there are a number of warning signs that can help you identify a scam email.
- Misspelled words, websites or email addresses.
- Oddly named attachments.
- Who the email is addressed to.
- Poor grammar and punctuation.
- An unusual layout to the email.
The Objectives of Phishing Attacks
The impact of phishing attacks can vary, but the criminals have three main objectives:
- Data theft – scammers will use ‘credential phishing’ to steal your personal information.
- Malware – some attacks will install malicious software onto your device, which can potentially spread through your network. This could include spyware, which can log your keystrokes and track you online; or ransomware, which encrypts your data and demands a ransom to get it back.
- Wire transfer fraud – CEO fraud and BEC attacks in particular attempt to persuade a target to transfer money to an account controlled by the attacker.
It’s a People Problem
Whilst virus protection can help, the human element remains a critical vulnerability for both businesses and individuals alike. 82% of breaches against businesses involved a human element! This is why MPA has invested significantly in staff training to ensure we remain vigilant against cyber threats.
It is essential that we do this, and that you remain vigilant too so that your data and your money can be protected. 1 in 99 emails is a phishing attack, so it is important that we all take the necessary individual action to minimise the chances of becoming a victim.
Action You Can Take
- Back up all data, every day.
- Watch out for suspicious emails. Use software to help filter them and, if you are unsure about an email, delete it.
- Keep all software 100% up-to-date, all the time.
- Hover your cursor over the sender’s name in your emails, as well as any website addresses. This will show you the actual email address used, or the website you’re being directed to, meaning you won’t visit a scam site.
- Check all emails to make sure they’re genuine. Even if they’re from close friends or colleagues.
- Use a password manager to make sure passwords are long and randomly generated, making them virtually impossible to guess.
- Implement multi-factor authentication across applications (where you use a second device to prove it’s really you logging in). Microsoft multi-factor authentication blocks 99% of account-based hacks.
- DON’T log in to any of your accounts by following a link in an email. Go directly to the website that you always use and log in that way.
- DON’T use the same passwords across different online accounts. Cyber criminals will often try your credentials on countless other sites once they’ve stolen them. Using different login details will keep your other accounts protected.
We hope you find this information helpful. If you have any concerns and would like to speak with us, please don’t hesitate to get in touch.