Today we’re sharing insight from guest blogger Kinetic IT, an Information Technology Managed Service Provider based in South Bend, IN. We hope you enjoy Kinetic’s insight and wisdom!
Technology has the power to put your organization one step ahead of the competition. Businesses are gradually recognizing this opportunity, and as they increase their use of technology, an associated risk emerges: data security.
While C-suite executives are increasingly citing cyber security as a leading priority, studies have found that the majority of organizations are unprepared in preventing or mitigating advanced cyber threats. While steps to change this trend is a whole issue in and of itself, we wanted to start out by educating you on the most common cyber threats clients have brought to us in 2016 and what you can do to both guard against and mitigate damage from them.
One of the main ways to protect against malware, hacking, and viruses is to avoid unnecessary application installations (i.e., tool bars, PC tune up apps, and just about any “free” application). If a “must-have” situation arises, verify the company you are downloading from is real and always, always, always download from the vendor site, not a third-party who could have rebuilt the installation file to infect your system!
That being said, if any unusual pop-ups or messages appear on your phone, computer, tablet, etc., ask questions before acting! While this may seem to be common sense, you would be surprise how many people break this golden rule. You can avoid serious costly damage by being aware and not being afraid or ashamed to ask for help.
To help you be “aware” of red flags, here are three of the most prevalent cyber threats that you should know about:
Whaling
Also known as personalized phishing (or spear-phishing). In this scenario, a hacker accesses private information to learn about you and then commit customized fraud. In our client’s case, someone broke into their email and was able to get sensitive information about a new house purchase. S/he used information to commit fraud in a way that was very difficult to catch. While it’s hard to know if you’re the target of a whaling attack like this, there are some red flags you can look for: odd requests that seem to come out of the blue, links that don’t make sense to normal everyday communications, and attachments that are not generally sent by the purported senders are all things to keep an eye out for!
Fake Tech Support Pop-Up
This increasingly common cyber threat appears as a pop-up in your browser when you are on the Internet. The pop-up, which doesn’t look exactly like your web browser (it’s typically just a plain window) will ask you to call a “tech support number” because of system problems. The key here? Don’t call! If you call/accept, the hacker will get complete access to your computer (and possibly your entire corporate network). Another one of our clients recently made the mistake of calling before reaching out to us, which required costly system repair for their organization. For more information about this virus, see the Internet Crime Complaint Center’s public service announcement.
WIRE TRANSFER FRAUD
This simple scam is becoming increasingly prevalent as well. It can be very hard to notice and might slip into your environment quickly depending on how you operate your business. The scam starts with a simple email from the owner, CFO, or someone with check-writing rights in your company going directly to a person who has the ability to perform a wire transfer for the business. Here is an example of an email that “Mary,” a company’s accountant, might receive from what appears to be her company’s owner “John.”
To: Mary@company.com
From: John@compamy.com
Subject: Urgent Transfer Needed
Mary,
I hope you are having a great day but I’m in urgent need of a quick wire transfer. Can you please let me know if we have $32000 available to send out this morning? If so, I will send you the rest of the information to get this going.
Thanks,
John
Look closely. Do you see the small difference between John’s email address and Mary’s? The scammer has created the domain name with a small variance that s/he is hoping Mary will not notice. There are several versions of this scam but in all of them, the scammer knows more about your business than you would think possible. They will send these emails while the business owner is on vacation or to Mary’s direct report when she is out of the office. The moral here? Scammers are clever and know more than you think. Alertness and caution are key.
While an organization’s leadership may understand how important a strong cyber security defense is, it is just one of a host of business priorities they have to balance. Often, C-suite executives will not act until it’s too late.
While this is a trend we are working hard to change with our clients, as long as you are open to these kinds of threats, the key take-away in each of these examples is: be aware and ask questions before acting. Exhibiting caution when any unusual messaging comes up and asking for help will go a long way in keeping you, your devices, and most importantly, your data safe and secure.
This content was written and shared by guest blogger Kinetic IT. It originally appeared on their blog.
Kinetic IT Solutions is an Information Technology Managed Provider based in South Bend, IN. The company is focused on supporting local businesses with both management and direct hands on support of their IT environment. Network and Server Infrastructure, Remote Access, Visualization, Messaging, Data Center Management, Disaster Recovery, and developing IT Policies and Procedures are their core business offerings. Kinetic IT Solutions strives to help drive business growth through technology.
Connect with Kinetic on Twitter, Facebook, and LinkedIn.
