Ever-increasing cyber security threats, together with new laws supporting the Privacy Act that require businesses to notify clients of a data breach, mean that businesses need to be hyper-vigilant in implementing best-practice security measures.
These are the three most common threats we are seeing our customers facing.
Business Email Compromise
An attacker gains access to a business email account via one of the following:
- Phishing: a perpetrator sends deceptive communications, typically via email, text or other channels, that request login details and records them for use in malicious activity.
- Brute force: this type of attack is a trial-and-error method used to obtain information such as a user password. In a brute force attack, automated software is used to generate many consecutive guesses as to the value of the desired data. Password change and complexity policies are key to protecting organisations from this.
Business Email Spoofing
An attacker ‘spoofs’ or impersonates the email address of a trusted party, typically a supplier, executive or business owner, often in an attempt to trick finance staff into transferring funds to the attacker rather than to the genuine supplier or executive.
Malware-based attacks
Malware is software designed to gain access to, disrupt or damage a user’s device or files. Malware attacks such as the CryptoLocker virus rely on the attacker infecting the victim’s device or business network with malicious software for the purpose of extortion. Other examples of malware include remote access trojans, designed to give the attacker remote access to a device in a way that is not easily traceable.
How to protect your business
Two-factor authentication for remote access to cloud services such as Office 365, online banking and accounting software, ensuring that a secondary factor is required to remotely access your systems or data. This reduces the impact of an attacker obtaining a user’s credentials, as they won’t also have the secondary factor required to log in, for instance the user’s mobile phone.
Educate yourself and your staff
Approximately 90% of infections or threats occur due to user interaction. Seek out education on how to be vigilant and aware of what threats might look like. Forsythes provides specific Phishing education and simulations to train your staff.
Authorisation of payments
Attackers use many techniques to attempt to have finance staff transfer funds to them. Ensuring that your finance policies require multiple levels of authorisation, and that any change of payment details is peer reviewed, are simple measures that can prevent you from transferring money to attackers.
Strong / regularly updated passwords
Password change and complexity policies should be implemented to reduce the likelihood of successful brute force attacks.