’Tis the season for hackers to target SMEs
They call it phishing. According to experts, it’s the number one way hackers target companies just like yours. And just a reminder – these aren’t kids trying to break in for kicks. These are criminals who operate like organized crime, breaking in, using the information to defraud your company and increasingly demanding ransom and protection money from your business.
Experts also say that this is the time of year when phishing is most prevalent. It’s always going on, but during the run-up to Christmas, phishing attacks spike. Perhaps it’s because it’s such a busy time, perhaps because people’s minds are on other things. Whatever the reason, this is the time to be even more cautious.
What is phishing?
Phishing uses what looks like an official email from a supplier, a government agency, a friend or even someone from your own company. The email passes on a link or an attachment, or diverts the user to a very authentic-looking site where they are asked to enter their username and password.
Whatever the strategy, hackers will use that information to get access to your systems and from there they have a number of different strategies. Some will corrupt or encrypt your data and force you to pay a ransom to get it back. Some will use credentials to gain access to your accounts for use in complex fraud schemes. Or maybe they will just sit undetected in the background using your people or your company as a tool to attack others.
How will your best customers or suppliers react if your Christmas present was helping hackers attack or defraud their company?
What can you do?
The best defense is education. Communicate with your employees on a regular basis. Let them know the dangers of opening links from unknown sources. Get them to question any link or document they don’t expect.
Above all, if they get a notice from anyone who points them to a web page where they are asked to put in their login credentials, they shouldn’t do it even if they think they trust the source – Google, Revenue Canada, Twitter, Facebook – it doesn’t matter. Even if they think the link is valid they should ignore it. To change passwords, employees should always navigate to the appropriate site themselves – never use a link from an email to change your password.
Especially this time of year, be aware of any shipping-related scams. DHL, UPS and FedEx emails with attachments are bountiful this time of year, but they aren’t (or shouldn’t be) sending you email attachments. What you should expect from a shipping company is an email with a status update or confirmation of delivery, and nothing more. If you aren’t sure – look up the service number on the company’s website and call them.
It’s not always easy. For some departments in your company, it’s their job to open attachments. Accounting and HR are two examples. But even there, a little education goes a long way. If they get an unexpected email attachment, even if it’s from someone they know, a quick note back to the person is a good practice. Read the message and ask “does this sound like the person I know?” Just being a little more cautious can reduce your risk enormously.
We’ve taught our clients and their staff to ask whenever they are uncertain about an email. And we’ll check it out very quickly. If you don’t have someone on staff who can do that, get a reputable IT support supplier to fill that need.
Nothing is perfect
If you take this advice, you’ll reduce your risk. But hacking has become a multi-billion-dollar worldwide industry. More and more it preys on SMEs, thinking that they have the least ability to defend themselves. That doesn’t have to be true.
You can take even more steps to reduce your exposure. Even if you get phished or hacked, you can still reduce the damage.
We’ve published a “Practical Guide to Security” aimed at SMEs that can give you some basic education and tips to vastly reduce security exposure. You can download it below.
If you need additional help, we’re here. Contact us at firstname.lastname@example.org