For the month of July, we are putting in the spotlight two key areas relating to our Hazard of the Month, Cyber Attacks. These key areas are Cyber Security and Phishing Awareness.
An increasing number of organisations are being seriously impacted by cyber incidents; in just the last week, there has been instances of a gang-led cyber attack on over 200 firms, phone malware used to spy on human rights activists, journalists and lawyers over the world and allegations that China has hacked Microsoft software. It’s not just the large, global companies that are being targeted either; a study published in March 2021 found that over the previous 12 months, four in ten businesses (39%) reported having cyber security breaches or attacks in the last 12 months and this was higher among medium businesses (65%).
Cyber attacks can come in many different forms but there are two main types of threats:
- Untargeted attacks where attackers indiscriminately target as many devices, services or users as possible. Examples include phishing (sending emails to large numbers of people asking for sensitive information (such as bank details) or encouraging them to visit a fake website) and water holing (setting up a fake website or compromising a legitimate one in order to exploit visiting users.)
- Targeted attacks where your organisation is singled out because the attacker has a specific interest in your business, or has been paid to target you. These are less likely to occur to SMEs but have the potential to be the most damaging. Examples are spear-phishing (sending emails to targeted individuals that could contain an attachment with malicious software, or a link that downloads malicious software and deploying a botnet (to deliver a DDOS (Distributed Denial of Service) attack.
Every organisation should have cyber security measures in place no matter how big or small they are; the risk is far too great to leave yourself vulnerable. There are a lot of simple and accessible procedures you could up it in place, for example:
- Create separate passwords for your organisation critical accounts.
- Create strong passwords using three random words.
- Save your passwords in your browser.
- Turn on Two-Factor Authentication.
- Keep your organisation device up to date.
- Back up important organisation data and key contacts.
For more detail on these measures and for more advice, you can read the National Cyber Security Centre’s guide for SMEs.
To make sure you and/or employees within the business are up-to-date with cyber security, our E-Learning course is a great resource to use! It helps users to identify online scams, avoid irreputable sites and demonstrates how to protect themselves from falling victim to Cyber-Crime.
The most common, everyday form of cyber attacks is Phishing attacks; almost everyone has received a dodgy-looking phishing email at some point in their lives! Phishing is when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware, or direct them to a dodgy website. Phishing can be conducted via a text message, social media, or by phone, but the term ‘phishing’ is mainly used to describe attacks that arrive by email.
Phishing emails can hit an organisation of any size and type, either through a mass campaign that can reach millions of users directly or through a targeted attack on your company. The latter is known as ‘spear phishing‘.
Here are some signs to look out for that could mean something is a phishing email:
- Unrecognised email address – if you don’t recognise the sender you should be cautious, especially if when clicking on the email address it shows a domain that looks like it is not a real person/company.
- Does not dress address you by name – most emails from legitimate companies will address you by name
- Unclearly labelled attachments – if you are not sure, do not open it. Check with the person who sent it first if you can to ensure it is legitimate.
- Check for inconsistencies or spelling/grammar errors – poorly written emails with errors can be a sign it is not from a legitimate and reputable company. In addition, do not trust what you read if it is out of the ordinary.
- Asking you to provide sensitive information – phishing emails often do this with a sense of urgency, for example, saying if you do not log in via a link by providing your password within the time limit you will lose access to your account.
If you would like to learn more about Phishing Awareness, our e-Learning course is an affordable and effective online course that can get your workforce trained up in no time!
We cannot stress how important Cyber Security and Phishing Awareness training is to businesses; it is invaluable to protecting your company’s confidential data and therefore, your reputation and money! For this reason, you can get 10% off these two courses exclusively in July by using the code ‘cyber10’ at checkout! Don’t miss out on this time-sensitive offer, get your courses from our shop today!