Cyber Threats come in all varieties – and no two ever attack your business from the same angle or in the same way. Threats can occur directly from the outside, while others may have some insider help.
Threats are constantly changing, so security controls must adapt accordingly. These security controls include being aware of the latest malicious IPs, the types of websites that are most often impersonated in phishing attacks, and the categories of apps that are most likely to be malicious.
Email scams are becoming more prevalent. Very simple but effective, the email will arrive in your inbox for what will look like an internal or known email user. However, on closer inspection it is malicious. The email is not legitimate, and comes from an external source requesting funds transfer, or confirmation of a password. An example we are happy to share is as per below. A request to send monies to an account which at first glance appears to come from OAS Director, Craig Browning but highlighted is the actual email account it has been sent from.
Another common cybercrime at present is Ransomware. At a recent conference in the US, a cybercrime expert said “this is the most popular form of cybercrime because ifC the attacker is successful loading the payload onto your system, there is no way of them being caught” and financially very rewarding. Ransomware locks your files on all devices attached to your network and will only be released on payment of the ransom, which could typically range from $1500USD - $50000USD, payable in bitcoin. Awareness, is the best form of defence to minimise a ransomware attack. Never click or reply to unknown emails, files, web address or web link unless you are sure of the authenticity of the origin. Plus ensure you have an offsite backup that IS NOT attached to the network, so a restore can happen in critical circumstances.
Passwords are another prime attack for hackers. A password of at least 8 characters, alpha, numeric at a minimum is highly recommended. Enforce users to change them on a regular basis. This can be forced through the Windows Server system on a regular basis.
Real-time, contextual, and predictive threat intelligence that spans the spectrum of attack vectors is the critical component in implementing a defence-in-depth strategy. It’s the only way to fight back against today’s cybercriminals and give our business’s protection.
No silver bullet can protect your IT Infrastructure and data, but the below tick list provides industry leading defence for your business against Cybercrime.
Router – Communications hardware point of connection. Ensure it has Industry leading Firewall and Encryption
Anti-Spam Software – Stop the unsolicited emails before they hit your email domain
Anti-Virus Software – Both cloud version and end point required. Stop known viruses in the cloud before they land on your device and ensure an automated updates from your anti-spam are patched daily to your device.
DNS Security – Cloud based firewall that ensures the integrity of internet traffic.
User training and Awareness – Ensure staff are aware of threats. Never click or reply to unknown emails, files, web address or web link unless you are sure of the authenticity of the origin.
Article provided by Tony Price, Director, OAS Technology Group