If you don’t have a robust security solution in place, you could be opening the door for cyber criminals to access your network and, potentially, your data. It’s essential to review every aspect of your business security strategy, so that it’s harder for perpetrators to get hold of the valuable data you own! Don’t take the risk when it comes to your business!
If you’re in need of more guidance & support on how to protect your organisation against Phishing attacks or other cyber threats then hear from George Ward, our Project & Service Engineer, as he shares his tips on how you can top up your tackle box for extra protection!
PHISHING FOR TROUBLE
What is Phishing, you may ask? No, it is not a grammar mistake; it is a genuine word. But what does it mean?
Phishing is one of the many types of social engineering practices that cyber criminals try to use against people all over the world, every day. It is used to try and steal personal and important information, such as bank details or login credentials.
They do this by masquerading as a trusted individual or organisation that the victim will know, and then using this manipulation to get them to open an email or text message, and then the final trick is to get the victim to click on a link or open an attachment that looks very legitimate. Once this is done the attacker can then install malware onto the system so they can begin collecting information from that machine, and then possibly jump to other machines on the network without anyone knowing.
Once the attacker has access to one or more machines, they are able to access and steal your business’s data. This data can be used to hold your business to ransom by the attacker for financial gain.
So, what would happen if the attacker decided to use the data they had collected or to block access to your systems?
Well, firstly, the reputation of the business would most likely be negatively affected in the eyes of its clients, as the attacker may decide to leak how much margin the business is putting on goods compared to cost prices, and this could upset clients greatly.
Then there would be the damaging cost implications involved with cleaning up all the problems that the attacker has caused on internal systems, along with whatever reputation damage they may have caused. Not only that, but you may also be subject to fines due to breaches of the Data Protection Act or GDPR, and depending on the size and severity of the breach, the fine could be considerable.
No matter the size of the business, all are subject to the same implications, and those not prepared at all will suffer greatly, with huge downtime and significant financial impact!
Once the dust has settled, it would then be a case of trying to figure out what went wrong, how did it happen, who is responsible, and how do we prevent it from happening again?
Well, there are a few ways to help prevent anything mentioned above from happening. Phishing is one of those things that cannot be stopped, as the methods used to perform it are changing every day; however, there are measures which can be implemented so that you’re more prepared.
Firstly, you can sign up your business to cyber awareness courses such as Cybsafe that will teach your staff the signs of a potential Phishing attempt, and what to do in the event that someone does click/open something by mistake. They are usually very simple and can be taken even by those who do not really understand how computers etc. really work. As long as they can grasp the concept and see the signs, that’s what matters.
Another thing you can do is review spam/phishing filters on your email system as these will have the tools to help you keep out potential Phishing emails. Email services like Microsoft Office 365 & Gmail have these tools already pre-configured to what they think works best, but for some this might not be good enough, so have a play and see what works, and if you can’t figure it out ask for some support from them and they will be happy to help you tailor it to your needs.
Also, some anti-virus products provide installable add-ons that attach to your email program, such as Outlook. These will also be on the lookout for Phishing emails and will take appropriate action, unless you would prefer to act yourself once it has informed you. However, not all providers will do this, so check with them, and do not have too many filters, as they may clash.
You can seal up your business and email system like Fort Knox, but it’s a harsh truth that Phishing is unpreventable and the odd email will always wriggle through. As long as your staff are well trained and informed, and you have the tools and procedures in place to prevent or mitigate this, Phishing will not be a problem for your business.
HAVE YOU CONSIDERED EVERY MEASURE OF PROTECTION?
Have you employed a certain level of security to your business but are unsure on whether it’s enough? Speak to our PCS IT team to discuss your current cover, where we can provide support and offer further solutions to help protect your business infrastructure.
Call us on 0333 150 6780, email or fill out the contact form below and a member of the team will be in touch.