Cybersecurity has never been more important than it is today. Holiday hackers are busy at work trying to steal your information any way they can.
There is certainly no shortage of news articles coming out almost daily that report everything from small businesses being hit with compromised credential attacks to large conglomerates falling victim to ransomware attacks. Hacks such as the most recent Kronos payroll & HR cloud software ransomware attack are leaving companies and individuals scrambling in a panic to get back to normal before the holidays.
Hackers are some of the most vicious thieves that you will never meet. They infiltrate your computer systems with no warning, sometimes remaining in the background for weeks, months and even years before they are detected. One of the most important parts of any successful business these days is cybersecurity, and having a cyber insurance policy that covers you in the event of an attack could save your business millions.
The first thing you need to understand as a business owner is the importance of having a great cyber safety training program that every employee goes through at least once a year. After all, how can you expect to keep your business safe from cyber-attacks if your employees have not been trained on what to look for in identifying potential risks coming to them daily?
Bad actors are busy coming up with even more inventive ways of getting what they need from you as I write this. Do you know all the different forms of attacks and how to identify the red flags before you click?
Here are some of the most common types of attacks: Phishing, Smishing, Malware, Denial of Service, DNS Spoofing, Fake Ads & Sites, Botnets, and Click Bait Text.
How many of these have you heard of, and do you know exactly what each one means? Here is a brief description of each:
- Phishing: Targets you by email posing as a legitimate business to lure you into providing sensitive data such as PHI, banking details and passwords.
- Smishing: SMS phishing is a form of phishing done through SMS messaging (there is also a form of this called Vishing, which is done through voicemail messages).
- Malware: Intrusive software that is designed to damage and destroy computer systems (a.k.a. Malicious software)
- Denial of Service: An attempt to make a machine or network unavailable to its intended users.
- DNS Spoofing: A type of computer attack that forces a user to navigate to a fake website disguised to look like a real one, with the intent of stealing credentials.
- Fake Ads & Sites (Malvertising): Malicious advertising is the use of online advertising that distributes malware with little to no user interaction required because it uses a tiny piece of code hidden in the ad that directs your computer to the criminal’s server.
- Botnets: Network of hijacked computer devices used to carry out various scams or cyberattacks.
- Click Bait Text: Targeted text or ads that use emotion and urgency to trick you into opening an image, video, or article scam, allowing them to obtain your private information.
A few other types of attacks that you might have heard of: Trojan, Keyloggers, Link Manipulation, Web-Based Delivery, Cross-site Scripting, SQL Injections, Zero-Day Exploit, Credential Theft, Session Hijacking, Spear Phishing, Drive-by Downloads, Man in the Middle & Email Spoofing.
The good news is that we have never been more prepared than now to help keep your employees and business safer from these forms of attacks.
A few simple things you can do right away that will help to prevent such attacks from impacting your organization:
- Employee Security Awareness Training – teaching your employees how to spot and report a potential attack is the most cost-effective form of prevention.
- Use AI to identify and block bait attacks – TKS is here to help with this
- Block malicious browser popups
- Keep your systems up to date and allow notification of updates to ensure they are not missed
- MFA – using MFA to protect your credentials is an easily added layer of protection
- Always use strong passwords – sounds simple but you would be surprised how many of your employees are still using a basic password
- Do not allow your device to auto-join any unfamiliar or unsecured WiFi networks
- Use a password manager – only remember one very difficult password & access all your passwords securely in one place.
Watch our Cyber Safety Presentation
Or download the PDF version to share with your staff
For more helpful information and tips be sure to follow TKS on social media for weekly infographics and other shareables.
Or check out our partner sites for tips, tools and resources:
https://www.knowbe4.com/free-it-security-tools
https://www.knowbe4.com/phishing
https://www.knowbe4.com/resources
https://www.watchguard.com/wgrd-resource-center
Contact TKS here and let us help your business stay as safe as possible.
Original Article from Stephanie Reilly @Turn Key Solutions, LLC