Ransomware, phishing, whaling – if you thought they’re made up for TV, think again.
They’re all tools in the hacker’s arsenal and they could be a cybersecurity threat to your business. In another article, we looked at the big picture of keeping your information secure.
Now we delve deeper into the hacker’s biggest weapon. It’s not technology, as you may have thought. It’s people and our willingness to be friendly, helpful and talkative.
1. Phishing
Phishing is something we all experience. It’s that email from a bank that says something like, "Your account has been compromised. Please check your details by clicking on our link below." It has a logo from your bank (or someone else’s). The hacker has high hopes that you will click on that link.
Of course, it’s not from your bank, but from a hacker who wants you to enter your details so they can access your accounts.
2. Whaling: "Urgent! Act immediately!"
Whaling takes phishing to the next level. It's trying to fool victims into thinking someone important has sent an urgent request. For example, "Please pay this person $25,000 into this account before the end of the day."
Whaling relies on people being unwilling to upset or question the boss. Hackers hope that you'll follow the email's instructions – without checking or verifying.
3. Ransomware: Give me your money or your files get it
Ransomware is also on the rise. Victims click on a link or open an attachment in an email. Next thing they know, their computer (or even their company’s entire network) is locked down. The only way to retrieve the data is to pay a ransom, hence the name.
Technology isn't always the weakest link
Social engineering is tricking people into handing over access or information. Hackers don't need to break into the security system. They just need to fool well-meaning people into revealing passwords or handing over information.
Most small and medium businesses don’t have an IT manager. Most also don’t have the expertise to spot problems before they arise, let alone fix them. So what is a business owner to do?
Mark Churches is the manager of fraud detection and response services at Spark. He says the first step is to make sure your security technology is up to date. Installing security software updates and patches is very important, but don't stop there.
As Mark says about security technology, “It tends to give a false sense of security because the technology isn’t usually the weakest link. It’s people."
Fraud techniques like phishing and whaling are always changing. For small businesses, that means staying on your toes.
Imagine you’ve received an email from the boss asking you to set up a payment to an account you’ve never heard of before. Do you jump to it, or should you check first?
Mark suggests ringing the boss to double-check. No senior manager would object to someone double-checking before authorising a large payment.
“Big businesses tend to have these procedures in place and they stick to them. Smaller businesses tend not to and that makes them vulnerable to attack.”
Mark says there are four things a user should do when looking at an email or communication that may be suspect:
- If you’re suspicious about a request or a large payment, check with your supervisor
- Look at the spelling and at the phrasing of the email – does it sound like the CFO or not?
- Does the email ask you to break normal procedures? This is a red flag
- Check the sender’s email address – is it from within the business or from somewhere else?
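The sender-address and broken-procedure checks in this list can also be applied automatically to a raw message before a person reads it. The Python below is an added example, not Spark's code; the domain `example.com`, the keyword lists and the `triage` helper are assumptions, and both sample messages are constructed.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: your organisation's mail domain
PRESSURE = ("urgent", "immediately", "before the end of the day")
PAYMENT = ("pay", "transfer", "account")

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when it is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def triage(raw_email, company_domain=COMPANY_DOMAIN):
    """Return the red flags raised by one raw message (hypothetical helper)."""
    msg = message_from_string(raw_email)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    flags = []
    # A forged From header can still show the real domain, so an internal-looking
    # address is not proof; these checks only catch outside and lookalike senders.
    if sender != company_domain:
        flags.append("sender-outside-business")
        if SequenceMatcher(None, sender, company_domain).ratio() > 0.8:
            flags.append("lookalike-domain")
    if reply_to and reply_to != sender:
        flags.append("reply-to-differs-from-sender")
    body = " ".join(part.get_payload() for part in msg.walk()
                    if part.get_content_type() == "text/plain")
    text = f"{msg['Subject'] or ''} {body}".lower()
    if any(w in text for w in PRESSURE) and any(w in text for w in PAYMENT):
        flags.append("urgent-payment-request")
    return flags

# Constructed sample messages, not real mail.
WHALING = """\
From: Jane Boss <jane.boss@examp1e.com>
Reply-To: jane.boss@example.net
To: accounts@example.com
Subject: Urgent! Act immediately!

Please pay this person $25,000 into this account before the end of the day.
"""
ROUTINE = """\
From: Sam <sam@example.com>
To: accounts@example.com
Subject: Lunch on Friday

Shall we book the usual place?
"""

if __name__ == "__main__":
    for name, raw in (("whaling", WHALING), ("routine", ROUTINE)):
        print(name, triage(raw) or "no flags: follow normal procedure")
```

Any flag is a prompt to check with a supervisor by phone, not a verdict; an empty list does not prove a message is genuine.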
Mark has one final piece of advice: don’t reuse passwords.
“Sharing passwords among services means if you’re compromised in one area you have potentially given away access in another. By collecting bits of information from various sources, a hacker can put together a complete picture of you and your online world. That’s a big problem.”
What’s next for you?
If you’ve received any suspicious emails – or you just want to protect your company – get in touch. We'll have a look and suggest services for your company based on its size and requirements.