Ransomware and cybersecurity are big news right now, and not without cause. There have been several major breaches in the last few months that have set everyone on edge, and there’s zero likelihood we’ve seen the worst of it. In response, major agencies are publishing articles to help educate businesses and citizens on what to look for and what to do in response to an attack. The FBI recently published an article aimed at phishing attacks on small businesses that we think is very useful.
From the FBI:
Businesses Beware—Fraudsters want to cash in on digital data, and your vulnerable e-mail account can give them the keys to the kingdom. One of the biggest dangers lurking in your in-box is a version of a phishing scheme.
In this case, the fraudster sends you what appears to be a legitimate e-mail. He may have hacked someone else’s e-mail account to get to you, or he may have “spoofed” an e-mail address making it look real.
Either way, his goal is to get you to give him access to your company and/or your cash. In this phishing scheme, an embedded link is the hook with which he will attempt to catch you.
Once you click on that link, the fraudster is able to download malware onto your system that potentially gives him access to user IDs, passwords, customer records, financial information, and data files.
Phishing schemes are often just the start — leading to potential ransomware attacks, business-e-mail-compromise scams, and more.
So — how do you protect your company?
From the lowest level employee up to the CEO, your e-mail system needs to be a fortress filled with defenses.
* Don’t use free web-based e-mail accounts for your business. Establish your own domain and create e-mail accounts based on that domain.
* Ensure that your firewalls, virus software, and spam filters are robust and up-to-date.
* Immediately report and delete suspicious e-mails, particularly those that come from people you don’t know.
* If you receive an e-mail from someone who appears to be a legitimate contact, but you are wary, make sure you “forward” it back to the sender. Do not hit “reply.” That way you can manually type the known e-mail address or find it in your established contact list to confirm authenticity.
* Don’t click in a moment of panic. Fraudsters often use social engineering to stress you out so you will act quickly without thinking. Check before you click.
* Consider two-factor authentication for employee e-mail. This would include something you know (such as a password) and something you have (such as a dynamic/changing PIN or code).
* Create a security system that flags e-mails with similar — but incorrect — formatting. For instance, you may regularly do business with Joe at ABC_company.com, but are you going to notice if one day the e-mail comes from Joe at ABC-company.com?
* Make sure your e-mail is encrypted in-transit if you are putting sensitive information into it.
Bottom line — build the e-mail fortress tall and wide to protect your business.
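One way to build the "similar but incorrect" address check from the list above, as an added example that is not part of the FBI article or of this post. The trusted-domain list, the small confusable-character map and all function names are assumptions, and the sample addresses are constructed from the article's ABC_company.com illustration.

```python
import re
from email.utils import parseaddr

# Constructed allow-list: domains the business regularly corresponds with.
TRUSTED_DOMAINS = {"abc_company.com", "example-supplier.com"}
# Small illustrative map of digits often used to imitate letters (assumption).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Reduce a domain to a comparison form: confusables folded, separators removed."""
    d = domain.lower().translate(CONFUSABLES)
    d = d.replace("rn", "m").replace("vv", "w")  # letter pairs that mimic one letter
    return re.sub(r"[-_.]", "", d)


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, imitated_domain); verdict is 'trusted', 'lookalike' or 'unknown'."""
    address = parseaddr(from_header)[1]
    if "@" not in address:
        return ("unknown", None)
    domain = address.rpartition("@")[2].lower()
    if domain in trusted:
        return ("trusted", None)
    for known in sorted(trusted):
        # Same skeleton, or one character away, but not an exact match: flag it.
        if skeleton(domain) == skeleton(known) or edit_distance(domain, known) <= 1:
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample From: headers.
    for header in ("Joe <joe@ABC_company.com>", "Joe <joe@ABC-company.com>",
                   "Billing <ap@examp1e-supplier.com>", "news@unrelated.org"):
        print(header, "->", classify_sender(header))
```

A mail gateway rule or mailbox add-in would call `classify_sender` on the From header and hold or banner any message that comes back as `lookalike`.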
Your company needs a data protection strategy. It should include up-to-date antivirus software as well as a backup and recovery service. Great Lakes Computer can provide both. We’ve been a trusted IT partner to many businesses in Northeast Ohio, and nationwide, for over 30 years. We make it a priority to evolve our services to keep current with the trends and threats in the IT space. If you’re looking for a data security partner you can trust, call us.