Cyber criminals tend to follow the path of least resistance. The easier it is to hurt businesses and take their money, the more businesses they can attack. It’s the ‘low hanging fruit’ principle.
The most common avenue of approach to effect any type of data breach is through email. The most common tactic used by cyber crooks is phishing – using deceptive emails which encourage the end user to click on a malicious link or attachment which releases the malware into the network.
No in-house IT department or outsourced Managed IT Services provider can prevent an employee from clicking on a malicious link or attachment – any more than a fireman can prevent someone from tossing a lit cigarette into dry weeds. It’s what happens after the fact that separates the IT support experts from the garden variety IT services ‘guys.’ A top-notch Managed Services Provider (MSP) will have it set up to isolate the intrusion in the originating workstation, wipe the computer clean and reinstall the data from any one of several reliable, protected backups – usually within a couple of hours.
No matter the cause, effect, or resolution of an attack, the undeniable fact remains that email is the river upon which almost all traffic (and cyber-crime) flows, and it’s not going to protect itself. Cooperation between an aware, concerned work force and the IT services provider is crucial.
According to the FBI’s 2021 annual Internet Crime Report, Business Email Compromise (BEC) is one of the fastest growing forms of cyber-attack – accounting for $2.4 Billion dollars in reported losses – up 28% from 2020.
What are BEC attacks?
BEC (Business Email Compromise attacks are highly targeted, using a spear-fishing tactic that relies on familiarity with the ‘sender’ - name recognition which lulls the recipient(s) into a false sense of ease that the communication is legitimate – when it is not. These types of attacks require quite a bit more effort from the cybercriminal than other tactics, but when successful, the payoff tends to be significantly greater.
This specific form of attack involves the spoofing of email accounts belonging to key executives such as CEOs, CFOs, or a title recognized as possessing financial authority. BEC often involves compromised vendor emails, requests for W-2 information, or requests for large amounts of gift cards (a HUGE red flag – legitimate business does not generally involve itself with gift cards).
How do I make my email secure?
The answer must be addressed in both the big picture and small picture arenas. Your IT team does the heavy big picture lifting: Next generation firewalls, anti-virus (AV), spam filtering, and so forth. But, as noted, the small picture realm is populated by end-users – employees.
Even with the best intentions, just about any user can slip up. In the middle of a very busy day, an email shows up that looks like it’s from FedEx - but it isn’t – it’s spoofed (copied), has all the right logos and looks like any other FedEx email. It offers a link to check the tracking on your delivery. Maybe you have a package on its way, maybe you don’t, so you click to see what it is and your computer becomes infected.
Tips for ensuring that your own email is as secure as possible:
The following is from Technology Safety (techsafety.org) – only the bullet points are included below, but the comprehensive description can be viewed HERE.
1) Use non-identifying information
2) Use a password known only to you
3) Use ate least a two-step verification
4) Review security notifications
5) Use only secure devices
6) Always log in/out
7) Don’t let browser or mobile device remember your accounts/passwords
8) Be judicious as to who gets your email address
Some of the above tips are often ignored. One of the inherent challenges of strong Cybersecurity is that users often view things like logging in/out for every session as cumbersome and time consuming. Obviously, it’s easier to stay logged in if you can, but so is leaving your front door wide open when you go to bed instead of taking the time to close and lock it.
Here on the ITFirm.com website, we provide useful tips that will help safeguard your system. Please take a look at Creating Winning Cybersecurity.
Frequently Asked Questions
Can you tell if someone hacked your email?
A: There are tell-tale signs. One of the most common means by which hackers obtain is through a data breach of the company that holds your email information. The obvious signs:
1) Your password has been changed and you cannot log in. Hackers sometimes do this to keep you out.
2) Unknown emails in your inbox. If suspicious, check for sent emails that you did not send.
3) Emails from your bank or credit card provider asking for verification of account information.
4) Friends and business associates ask you about strange emails they received from you – often spam.
Is spear phishing more successful?
A: Spear Phishing is far more successful than other phishing attacks. They are more targeted, complex, and require a lot of work. The targets usually represent big money or intellectual property.
Is spear phishing social engineering?
A: It is absolutely social engineering – the cybercriminal poses as a trusted person and uses trickery to get the victim to click a malicious link or email.
Where do cybercriminals find their targets?
A: The most common source is through the hacking of financial institutions. It’s easier to hack a company holding the information of millions of customers than any other way to identify worthwhile victims.
Is your network - and email - secure?
As a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and security assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our IT Services.
The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.
We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Among the Managed IT services we provide:
IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
Planning an Office Move?
Contact us today! We have the experience to ensure a seamless transition. After the move, your employees will arrive at the new location to find their IT infrastructure ready and open for business!
For more information on office moves, or to receive your FREE no-risk network and Cybersecurity assessment, just fill out the form on this page or call us at:
704-565-9705
