30 Mar Building a powerful cyber security arsenal – Online Threats
Cyber security should be at the top of your list of concerns, both in your business and when at home. In the modern world protecting your digital landscape against cyber criminals can be just as imperative as protecting your home against a burglar. You wouldn’t leave your house open to criminals so why do you do exactly that with your IT systems?
It is imperative that you know the potential threats to your cyber security and have the right tools in your arsenal to defend your system against them. Throughout the blog series we will explore these threats and what you can do to combat them.
Cyber security threats and ways to guard against them.
Ransomware is one of the most common cyber threats that businesses face today. It is the name of a type of Malware designed with the aim of disabling systems or encrypting files, under the promise of access being granted to the rightful owner again once an agreed fee has been paid (a ransom, hence the name Ransomware).
Cyber criminals use file encryption to force victims into paying the ransom fee. The files remain on your computer but in an encrypted form. The cyber criminals often set time limits on payments and threaten to delete files if payment is not received.
DO NOT pay the fee! When in that situation it can be extremely difficult to not panic and pay the fee – however, this is no guarantee that your data will be returned. Paying the fee also highlights that you are willing and able to pay, so you are simply increasing your chances that you will be attacked again.
Ransomware – How to guard against it.
Ransomware has a very high success rate – because as we said people ‘panic pay’ – so, with this in mind, it is vital you guard against it. Preventative measures are the way to achieve this. Let’s take a look at some of the ways of keeping your data out of cyber criminals’ hands.
- Keep your software up-to-date – Cyber criminals will exploit weaknesses in out-of-date, poorly maintained software as these are quite obviously the easiest targets. This means keeping everything up-to-date, from your operating system to individual programmes you use as well as your anti-virus software. Using a similar example as we did earlier in the blog, you wouldn’t leave an old broken lock on your door at home, would you? So why would you on your computer systems?
- Take advantage of cloud services – Cloud services such as hosted storage limits the opportunities for ransomware to enter your system.
- Take care with email attachments and embedded links – Arguably the most important of all, instruct your staff not to open any attachments or links unless they are completely confident that they come from a legitimate source. Similarly, with Phishing attacks, emails containing embedded Ransomware will often feature persuasive language so it’s always best to have that policy and – if you aren’t sure, ask! (More on Phishing attacks later in the blog series).
- Don’t enable Macros – This is similar to our last point. If an email attachment from an unknown source requires you to enable Macros to view it, it’s best just to ignore it. As we said, if you aren’t sure, ask! Enabling Macros is often enough to infect your computer.
- DON’T PAY – As we said, the pressure can get to you and that is completely understandable, especially considering that being attacked by cyber criminals, and not being able to access sensitive data that your clients have trusted you with can be a demoralising and quite frankly embarrassing situation. But stand your ground! Do not forget you are dealing with criminals; there is no guarantee you will get your files back and regain control over your systems even if you do pay the ransom, they may even ask for more money once they know you are willing and able to pay them.
These are some of the most effective ways of guarding against a Ransomware attack. Let’s take a look at another form of cyber attack and what you can do to guard against it.
Phishing is a form of identity theft. This is achieved by scammers that take on a false identity to gain access and acquire sensitive information. They typically use website links, emails, and text messages to perform Phishing scams.
The most common method is via Email. The goal of the scammer is to fool the email recipient into believing that the message is legitimate and requires urgent attention – it might appear as a message from their employer or their bank, for example. If the recipient is deceived, they then may proceed to open the email and release Malware contained in attachments, or even respond to the message and disclose sensitive identifying information, account details, or passwords.
Phishing – How to guard against it.
- Verify URLS – Verify the URLs carefully before clicking on links or submitting sensitive information. Often scammers will imitate legitimate sites very closely, sometimes almost unrecognisably close, so this is something you need to pay particular attention to.
- If in doubt don’t reply – Don’t reply to an email that seems suspicious in any way, even if it appears to come from a trusted source. Instead, send a new email to the individual in question using existing contact information you have for them – this way you know you are emailing the correct recipient and can confirm with them whether the original was genuine.
- Privacy settings – As rudimentary as some of them appear, using privacy settings on social media to keep personal information hidden works. Don’t make your address, phone number or even things like your list of friends available to anyone, as any information the cyber criminals have about you can be used against you.
- Use anti-phishing software – The aim of anti-phishing software is to prevent users from accessing malicious links and websites by activating pop-up warnings and preventing malicious emails from ever reaching you.
In the remaining blogs in the series, we will explore more potential threats to your cyber security and what you can do to guard against them.
Cyber security guaranteed with Varatech
Our team of experts will implement and maintain the cyber security of your business. Security is not a luxury but an essential part of protecting any business in the digital age, and that is why we take a security-first approach. We will educate your employees to guarantee they are doing their part to guard the security of your organisation; we go above and beyond in helping our clients and their teams get much more value from their technology by providing knowledge and training. We guarantee that our clients always come first, with a straightforward approach that provides a strong relationship between our team and yours. Contact us now and find out how we can help your business.