Considering cyber criminals ‘lazy’ is a huge mistake. They are as lazy as sharks who perpetually swim in search of prey, and the smart play is to follow the path of least resistance. Everybody picks the ‘low hanging fruit’ first. Wolves go after the weakest in the herd. It’s not just human nature, it’s the law of the wild.
The easier it is to hurt businesses and take their money, the more time they have to attack other businesses, and the more money they make. The question every CEO should ponder is: “Have I made myself easy prey?”
Email phishing attacks are by far the most common tactic used to effect a Cybersecurity breach, wherein deceptive emails encourage the end user to click on a malicious link or attachment which releases the malware into the network.
It doesn’t matter if you have the best in-house IT support or outsourced Managed Services Provider (MSP) in the world. NOTHING can reliably prevent an employee from unwittingly clicking on a malicious link or attachment – any more than a fireman can prevent anyone from tossing a lit cigarette into dry weeds. It’s what happens after the fact that separates the Managed IT Services experts from the garden variety ‘IT guys.’
A top-notch MSP will have set up the network defenses to isolate the intrusion in the originating workstation, wipe the computer clean and reinstall the data from any one of several reliable, protected backups – usually within a couple of hours. BUT this all relies on end users who have been trained on what to do when an infection occurs. The first step is immediately switching the workstation OFF – even if it means a hard shutdown.
Email is the river upon which almost all business traffic (and cyber-crime) navigates, and it’s not going to protect itself – no matter what safeguards your IT team has put in place. It is crucial to foster effective cooperation between an aware, concerned workforce and the IT provider.
Business Email Compromise (BEC) is one of the fastest growing forms of cyber-attack.
What is the goal of BEC?
The primary goals of Business Email Compromise attacks are to steal money, gain system access, or compromise sensitive data. They are highly targeted and well thought-out, utilizing a spear-phishing tactic that depends on familiarity with the fake ‘sender’ – someone the recipient knows and who seems real – which lures them into a false sense of security that the communication is legitimate, when it is not.
These types of attacks require quite a bit more effort from the cybercriminal than other tactics, but when successful, the payoff tends to be significantly greater.
Typically, key executives such as CEOs, CFOs, or anyone with a title recognized as possessing financial authority are the targets of these attacks. BEC often involves compromised vendor emails, requests for W-2 information, or requests for large amounts of gift cards – a HUGE red flag, since legitimate business does not generally request payment in gift cards (DUH!).
How do I make sure my email is secure?
Paying attention to both the big picture and small picture is critical in protecting your email. Your IT team does the heavy big picture lifting: Next generation firewalls, anti-virus (AV), spam filtering, and so forth. The small picture realm is populated by your employees - the end-users.
If you have failed to empower your employees with ongoing Security Awareness Training, then when you want to find out who is ultimately responsible for the success of a phishing attack, you need to look in the mirror. This is blunt, but true.
Any user, even with the best intentions, and even the smartest workers, can slip up. In the middle of a very busy day, an email shows up that looks like it’s from FedEx - but it isn’t – it’s spoofed (copied), but it has all the right logo and signature and looks like any other FedEx email. It offers a link to check the tracking on your delivery. Maybe you have a package on its way, maybe you don’t, but just in case you forgot if anything is on order, you click to see what it is and your computer becomes infected.
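The red flags described above (a familiar sender name on an unrelated domain, and BEC requests for gift cards or W-2 data) can be checked mechanically at the mail gateway. The sketch below is an added example, not code from the article; the brand map, executive name, company domain and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed, illustrative policy data (not from the article); adjust to your organisation.
BRANDS = {"fedex": "fedex.com"}   # brand keyword -> domain the brand really sends from
EXECUTIVES = {"pat smith"}        # hypothetical executive display names
ORG_DOMAIN = "corp.example"       # hypothetical company mail domain
BEC_TERMS = re.compile(r"\bgift cards?\b|\bw-?2\b", re.I)

# Constructed sample messages, not real mail.
SPOOFED_FEDEX = """\
From: "FedEx Tracking" <notice@fedex-delivery.example>
Reply-To: support@parcel-help.example
Subject: Your package is on its way
Authentication-Results: mx.corp.example; spf=fail; dmarc=fail

Click the link to check the tracking on your delivery.
"""
BEC_GIFT_CARD = """\
From: "Pat Smith" <pat.smith@freemail.example>
Authentication-Results: mx.corp.example; spf=pass; dmarc=pass

I need you to buy gift cards for a client today and send me the codes.
"""

def domain_of(header_value):
    # Lower-cased domain of an address header, or '' when the header is absent.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def red_flags(raw_message):
    """List the spoofing/BEC warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    flags = []
    for brand, real in BRANDS.items():
        if brand in display and from_dom != real and not from_dom.endswith("." + real):
            flags.append("brand-display-name-mismatch")
    if any(name in display for name in EXECUTIVES) and from_dom != ORG_DOMAIN:
        flags.append("executive-name-external-domain")
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-differs")
    # Only trust Authentication-Results added by your own receiving server.
    if re.search(r"\bdmarc=fail\b", msg.get("Authentication-Results", ""), re.I):
        flags.append("dmarc-fail")
    if BEC_TERMS.search(msg.get_payload()):
        flags.append("bec-request-term")
    return flags
```

Note that the second sample passes SPF and DMARC: a BEC message sent from a real free-mail account authenticates cleanly, so the display-name and content checks are what catch it.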
Here are a few handy tips for ensuring that your own email is as secure as possible:
From Technology Safety (techsafety.org) – only the bullet points are included below, but the comprehensive description can be viewed HERE.
1) Use non-identifying information
2) Use a password known only to you
3) Use at least two-step verification
4) Review security notifications
5) Use only secure devices
6) Always log in/out
7) Don’t let browser or mobile device remember your accounts/passwords
8) Be judicious as to who gets your email address
Unfortunately, all too often, the tips laid out above are overlooked. One of the inherent challenges of maintaining strong Cybersecurity is that users often view things like logging in/out for every session as cumbersome and time consuming. Obviously, it’s easier to stay logged in if you can, but so is leaving your front door wide open when you go to work, so you don’t have to unlock it when you get home.
Close the door and lock it.
Frequently Asked Questions
Is spear phishing more successful?
Absolutely. Spear phishing attacks are far more successful than other phishing attacks because they are more targeted, complex, and require a lot of work to set up. The targets usually represent big money or lucrative intellectual property.
Is spear phishing social engineering?
Again, ABSOLUTELY. It is the textbook definition of social engineering – the cybercriminal learns things about you – usually from social media, then poses as a trusted person and uses deception to entice the victim to click a malicious link or attachment – they engineer you to become their victim.
Where do cybercriminals find their targets?
The most common source is through the hacking of financial institutions. It’s easier to hack a company holding the information of millions of customers than to identify worthwhile victims any other way.
Can you tell if someone hacked your email?
There are a few tell-tale signs. One of the most common means by which hackers obtain access to your email is through a data breach of the company that holds your email information. The obvious signs:
1) Your password has been changed and you cannot log in.
2) Unknown emails in your inbox. If suspicious, check for sent emails that you did not send.
3) Emails from your bank or credit card provider asking for verification of account information.
4) Friends and business associates ask you about strange emails they received from you – often spam.
Is your network - and email - secure?
As a longstanding, reputable member of the Charlotte IT Support community, ITFIRM.COM offers a FREE, no-risk network and security assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our Managed IT Services.
The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.
We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.