It has come to our attention that many of our customers have seen an increased number of phishing campaigns over the last few weeks and it has become clear that there is some concern regarding the best way to deal with these emails. As an IT organisation ourselves, we know for a fact that security issues come in many different forms and it just so happens to be the case that phishing has the potential to be a very devastating variation of a cyber-attack. In the opening months of 2018, extremely convincing phishing campaigns have been catching vulnerable businesses off guard, so we thought it would be prudent to provide some insight and practical advice when it comes to spotting and overcoming these manipulative messages.
1: Train your staff to know what to look for
Training your staff to be aware of, and vigilant about, all attachments and links in unsolicited emails can be a great way to start preventing a potential phishing attack. All emails with attachments should be treated with caution, even those from friends, family and colleagues. Make sure you can spot common aspects of phishing emails, for example very unspecific information such as “take a look at this”. Phrases like this should raise concern, but whether they are hostile or not can be easily verified by replying to the email asking if the assumed contact actually sent the email. When you respond to these emails, the real person will receive the question and the virus or phishing attempt won’t receive your response. If the person says they didn’t send the email – good job – you just mitigated a potentially dangerous attack.
2: Deceptive URLs and domain names
It is imperative that all links in emails or documents, recognised or not, are checked and verified. This is very easy to do. By hovering over a link, you can see the actual site it will take you to, and if it looks suspicious, simply do not click it. In addition to this, if a link takes you to a site asking for a username and password, be wary. Check that the address is correct, and know that attackers might use very similar (misspelled) variations to fool their victims. Another common URL trick is to hide the address bar so you cannot verify whether you are on the wrong page.
3: The message contains poor spelling and grammar
Large organisations usually review every email, letter and notification for spelling, grammar and legality issues amongst a wide variety of other things. If an email contains poor grammar or any spelling mistakes, it’s likely that it’s illegitimate.
4: The email makes offers that sound too good to be true
If you get an email offering technology for extremely low prices (for example at a 90% discount) then you know it’s a scam. These emails usually tell the recipient that there is a “deal for a limited time” and often catch people out on their impulses for gratification. It’s highly likely they just want to steal your card details.
5: Asking for money to cover costs
Over the last few weeks, a large number of phishing emails asking for payments to cover costs have been plaguing businesses all over the UK. The senders of these emails usually mimic the email address of a colleague (such as your boss) and will send you an email asking you to make the payment. These emails usually look extremely convincing and will base their attachment design on common invoices from banks, service providers and websites. The senders gamble on you not questioning a request from your superiors, as they pretend to be a trusted colleague, which makes these emails some of the most manipulative.
6: The message is random and uninitiated
Phishing attacks often leech off of the popularity of services such as the lottery or other competitions to steal personal information. An example of an uninitiated attack would be receiving a message in an email claiming that you have won a competition even though you never entered one. These attacks can be successful because many people do enter competitions and draws such as the lottery, so there is a high chance the recipient can be fooled.
If you have any concerns or questions don’t hesitate to call us on 01189 186822 or contact us by email on firstname.lastname@example.org.
Since moving to remote working, have you seen a rise in the amount of suspicious/spam emails? Perhaps some are stating “urgent request” or “document shared with you”. Maybe a few have even broken through your filters into your inbox? This is only the tip of the iceberg of concerns for companies who are remote working. During COVID-19, threats to our cyber security systems have increased exponentially, so now is the time to really ask yourself: is my cyber security posture the most secure it can be, with all these extra risks and threats we are facing with remote working?
What do we mean by Cyber Security posture?
We all know about how to retain the correct posture at your desk through all the health and safety audits we have sat through (no pun intended) but what do we really mean by posture when it comes to cyber security systems?
Just as sitting the right way and having your desk set up correctly can help prevent potential injury to your body, a good cyber security posture will help prevent serious injury to your systems, especially from security breaches and cyber-attacks. Your posture, in this manner of speaking, is how secure you and your workers are from these potential threats.
From a recent survey Barracuda carried out, they found that almost half of all respondents from global businesses have encountered at least one cyber security scare since shifting to remote working, during this Covid-19 lockdown. This shows that now more than ever, it should be a priority to make sure your cyber security posture is secure and that you are confident in your systems, tools, as well as your employees.
Things to consider in order to be cyber secure
Equipment and VPNs
There are many different factors to consider, in order to ensure your cyber security systems are the most secure they can be with remote working. One of the most important things to start with is to make sure you have a secure VPN for all your employees to use. This is vital as home broadband does not have the same security protocols and will not be 100% secure and safe. You can read more about the importance of VPNs on one of our previous posts here.
You also need to make sure that all your employees are using authorised, protected work devices at all times. It is all too simple for an employee to decide it is easier to send and receive emails from their personal mobile. But, this should be stopped, to help prevent potential security breaches. You can do this through a simple fix which requires the employee to get admin permission to set up email accounts on different devices. This will also enable your IT team to monitor who tries to use non-authorised devices to access work servers.
When your employees are in the office, it is easier to pop over to their desks to remind them of upcoming IT updates that need to be completed. However, this is something that often falls by the wayside by both employers and employees when remote working. Make a point of sending out reminder emails when updates are due. Those updates are key to continuing to retain a strong cyber security posture, in order to help protect your company from threats.
On the topic of email reminders, when was the last time you emailed your employees reminding them to stay alert to phishing/scam emails? Phishing emails have spiked by over 600% since the end of February, as reported in Infosecurity Magazine. This is because cyber criminals have begun to take advantage of, and capitalise on, the fear and uncertainty generated by the COVID-19 pandemic. This could cause serious problems for your company, and it only takes a single employee opening one to result in a security breach.
GDPR is the new set of guidelines that completely changed the way we share and store data. With remote working, it is just as important, if not more so, to remember GDPR and ensure all staff remain compliant. This includes ensuring any sensitive data being sent to a 3rd party is encrypted with the relevant security, and that files are shared in the correct manner, and not in a way that could be intercepted by hackers.
There is a multitude of file sharing sites out there which will enable your employees to share documents securely and help keep your cybersecurity posture strong. Make sure your employees are aware of the importance of encryption and sharing data responsibly and securely.
But what happens if your staff suspect a potential breach of your cybersecurity systems? Do your employees know what to do, should they suspect this? If you can’t instantly and confidently say yes, then make sure you remind all staff of the protocols so that if the worst does happen and a breach does occur, you can be alerted straight away and ensure minimal damage and disruption.
So, how do I know my cybersecurity posture is the most secure it can be?
You may be reading through this article saying to yourself “I already make cybersecurity one of my top priorities”, but can you put your hand up and say with 100% confidence that your cybersecurity posture is as secure as it can be?
Don’t worry if you can’t, you are not alone. According to Barracuda’s survey, over 41% of respondents had doubts over how secure their web applications were, and who can blame them, with so many new cyber threats appearing each day?
There is a simple solution for this, which can help to put your mind at ease and provide a full security report within a matter of days. Security assessment tools such as our CTAP assessment are designed to help identify any areas for concern to help strengthen your cybersecurity posture. This will not only assess all your cybersecurity systems for potential weaknesses, but the analysis results can also lead to an improvement in productivity and utilisation. Assessment tools such as ours are key to ensure your cybersecurity posture is the strongest, and most secure it can be.
It’s clear to see that remote working has put a lot of extra pressure on companies worldwide, with no foreseeable end right now for remote working. Our priority is your security and peace of mind so that you can focus on your company, and not worry about cyber threats.
To find out more about what Nouveau can do for you or about our new CTAP tool call us on 01189 186822 or email us on email@example.com