Cybersecurity 101: Protecting your devices through education & smart response

In our last post, we discussed the power of technology to put your organization one step ahead of the competition. Businesses are gradually recognizing this opportunity, and as they increase their use of technology, an associated risk emerges: data security.

While C-suite executives are increasingly citing cybersecurity as a leading priority, studies have found that the majority of organizations are unprepared to prevent or mitigate advanced cyber threats. While the steps to change this trend are a whole issue in and of themselves (stay tuned for more thoughts on that in the coming weeks), we wanted to start out by educating you on the most common cyber threats that clients have brought to us in 2016 and what you can do to both guard against them and mitigate the damage from them.

One of the main ways to protect against malware, hacking, and viruses like those cited above is to avoid unnecessary application installations (i.e., toolbars, PC tune-up apps, and just about any “free” application). If a “must-have” situation arises, verify that the company you are downloading from is real and always, always, always download from the vendor site, not a third party that could have rebuilt the installation file to infect your system!

That being said, if any unusual pop-ups or messages come up on your phone, computer, tablet, etc., ask questions before acting! While this may seem to be common sense, you would be surprised how many people break this golden rule. You can avoid serious, costly damage by being aware and not being afraid or ashamed to ask for help.

To help you spot red flags, here are three of the most prevalent cyber threats that you should be aware of:

WHALING
Also known as personalized phishing (or “spear-phishing”). In this scenario, a hacker accesses private information to learn about you and then commits customized fraud. In our client’s case, someone broke into their email and was able to get sensitive information about a new house purchase. S/he used that information to commit fraud in a way that was very difficult to catch. While it’s hard to know if you’re the target of a whaling attack like this, there are some red flags you can look for: odd requests that seem to come out of the blue, links that don’t fit normal everyday communications, and attachments that are not generally sent by the purported senders are all things to keep an eye out for!

FAKE TECH SUPPORT POP-UP
This increasingly common cyber threat appears as a pop-up in your browser when you are on the Internet. The pop-up, which doesn’t look exactly like your web browser (it’s typically just a plain window), will ask you to call a “tech support number” because of system problems. The key here? Don’t call! If you call/accept, the hacker will get complete access to your computer (and possibly your entire corporate network). Another one of our clients recently made the mistake of calling before reaching out to us, which required costly system repair for their organization. For more information about this threat, see the Internet Crime Complaint Center’s (IC3) public service announcement.

WIRE TRANSFER FRAUD
This simple scam is becoming increasingly prevalent as well. It can be very hard to notice and might slip into your environment quickly depending on how you operate your business. The scam starts with a simple email that appears to come from the owner, CFO, or someone with check-writing rights in your company, sent directly to a person who has the ability to perform a wire transfer for the business. Here is an example of an email that “Mary,” a company’s accountant, might receive from what appears to be her company’s owner “John.”

To: Mary@company.com
From: John@compamy.com
Subject: Urgent Transfer Needed

Mary,
I hope you are having a great day but I’m in urgent need of a quick wire transfer. Can you please let me know if we have $32000 available to send out this morning? If so, I will send you the rest of the information to get this going.

Thanks,
John

Look closely. Do you see the small difference between John’s email address and Mary’s? The scammer has created the domain name with a small variance that s/he is hoping Mary will not notice. There are several versions of this scam, but in all of them, the scammer knows more about your business than you would think possible. They will send these emails while the business owner is on vacation or to Mary’s direct report when she is out of the office. The moral here? Scammers are clever and know more than you think. Alertness and caution are key.

While an organization’s leadership may understand how important a strong cybersecurity defense is, it is just one of a host of business priorities they have to balance. Often, C-suite executives will not act until it’s too late. While this is a trend we are working hard to change with our clients, as long as you are open to these kinds of threats, the key take-away in each of these examples is: be aware and ask questions before acting. Exhibiting caution when any unusual messaging comes up and asking for help will go a long way in keeping you, your devices, and most importantly, your data safe and secure.