As more and more of our personal information is digitized, the importance of cyber security continues to increase. Ransomware, phishing, and other malicious software are becoming more frequent and more dangerous. Forbes reports that American businesses lose approximately half a billion dollars a year to phishing scams, as well as priceless time and resources fixing the damage caused. Ransomware is also a massive issue (and grossly underreported). It is the malware of choice for hackers, accounting for 60% of malware payloads, and businesses are often quiet about ransomware attacks in order to protect their company’s reputation.
Whatever the exact numbers are, it’s extremely important for businesses to have proper security against malware. But it is just as important for employees to be properly educated about how to identify malware and prevent cyber attacks. McAfee, one of the leading software security companies, reported in 2015 that 97% of consumers could not identify phishing emails. And while users are slowly getting smarter, so are online criminals. It’s no longer safe to trust an email just because you know the sender, or to click on a link just because it starts with “https”.
Here are a few general guidelines that can help your business stay safe:
- NEVER click on an email link or attachment unless you’re 100% sure where the link leads or what the attachment is, even if the email seems like it is coming from a known source. Phishing often works by deceitfully using a name or email address from someone in your contacts. It is also possible that the sender’s PC was compromised by a virus that is sending emails to everyone in their address book.
- Type in the website manually in another tab if you are unsure about the authenticity of a link. Many phishing emails will pose as trusted companies and prompt you to follow a link in order to validate your email or other information. Instead of following the link they provide, go to the website manually and check if it needs you to validate something.
- Be on the lookout for irregularly worded or formatted emails. If the subject line or the body of the email seems unusually vague or incomplete, DO NOT OPEN THE ATTACHMENT OR CLICK ON LINKS, even if you recognize the sender. Double check with the sender through alternate means to ensure authenticity.
- Don’t press CANCEL on a pop-up window; always close the window by pressing X in the top right corner. Any button on the window itself, including buttons like “cancel” or “not interested”, may actually be a disguised link that will download a virus.
- Don’t blindly follow instructions from a pop-up. Many malicious pop-ups will pose as, or claim to be affiliated with, trustworthy companies. They’ll often instruct you to either call a certain number or go to a certain website. Always manually search for the phone number or website rather than risking getting scammed.
- Always confirm that the URL of a website matches the domain name of the organization. A quick look at your browser’s web address bar to ensure that it’s the same as the organization name and web address is an easy way to spot malicious sites.
- If you think an offer is too good to be true, it probably is. Be vigilant and do proper research before accepting an offer. Enticing deals are a common way scammers can get your information.
Email Attachments and Viruses
One of the most common ways computer viruses and worms spread is through email attachments, causing massive security breaches. If these attachments are opened, they can give hackers complete control of your machine and initiate attacks on other machines. They can also start sending out copies of themselves, under your name, to any email address they find in your contacts. Malicious software (malware) like this has crippled personal machines, email servers, businesses, government networks, and countless other organizations.
Just because you may consider yourself tech-savvy doesn’t mean you can be careless. Scammers are always finding new, sneaky ways to attack.
Here are a few guidelines that will help you stay safe from malicious attachments:
- Don’t open attachments if the email looks strange, even if the message is from a user you regularly exchange emails with. Things to look out for are vague or incomplete subject lines or message body, several unexpected messages from different people with identical subject lines, or any other irregularity.
- Don’t open unusual attachments. Most attachments you receive probably fall into a few recognizable categories: Word (.doc), Excel (.xls/.xlsx), PowerPoint (.ppt), PDFs, and the like. Attachments with unusual icons or extensions (like .pif, .scr, or .exe) should not be opened without first thoroughly verifying their safety.
- Don’t open unexpected attachments and/or attachments from strangers. Generally, if a malicious attachment is not opened or viewed, it cannot infect your computer. If you know the person who sent the email, but weren’t expecting them to send you an attachment, contact them and confirm that they sent it before opening.
A phishing scam is one in which the perpetrator sends a legitimate-looking email. These emails usually appear to come from a well-known and trustworthy organization or website, in an attempt to gather personal and financial information from the recipient.
There are two common types of phishing scams:
- An email containing an urgent request for personal information. You’ll be asked to respond to an email with account information, DOB, SSN, and the like in order to prevent immediate closure of your account. These emails can even be personalized.
- An email containing a link and a request to verify your account. Even if the link appears to take you to a valid website, it may be a counterfeit website designed specially to mimic the real one and seize your information. Unless you are expecting a verification email (i.e. you requested to change your password or username), never click on the link even if it seems legitimate.
ANY EMAIL ASKING YOU TO DIRECTLY RESPOND WITH SENSITIVE INFORMATION OR ASKING UNPROMPTED TO VALIDATE CERTAIN INFORMATION IS ALMOST ALWAYS A PHISHING ATTEMPT.
Your bank, the IRS, or even Netflix will NEVER ask you to send things like credit card information via email. An easy solution is to open another tab, go to the website the email is claiming to be sent from, and check your account that way. If there actually is a problem with your account, you will be able to take care of it safely. If everything looks fine, then congratulations! You just successfully avoided getting phished.
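The attachment guideline above (unusual extensions such as .pif, .scr or .exe) and the warning about links that appear to lead to a valid website can both be checked mechanically before a message reaches a reader. The following Python code is an added example, not part of the original article; the sample message, the host names and the function names are constructed for illustration.

```python
import re
from email.message import EmailMessage
from pathlib import PurePosixPath
from urllib.parse import urlsplit

FAMILIAR = {".doc", ".xls", ".xlsx", ".ppt", ".pdf"}  # types the article calls recognizable
RISKY = {".pif", ".scr", ".exe"}                      # types it says to verify first
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def _norm(host):
    return host.lower().removeprefix("www.")

def attachment_findings(msg):
    """Flag attachments whose final extension is risky or unfamiliar."""
    findings = []
    for name in filter(None, (p.get_filename() for p in msg.walk())):
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        last = suffixes[-1] if suffixes else ""
        if last in RISKY:
            # "invoice.pdf.exe" hides an executable behind a familiar-looking name
            doubled = len(suffixes) > 1 and suffixes[-2] in FAMILIAR
            findings.append((name, "double-extension" if doubled else "risky-extension"))
        elif last not in FAMILIAR:
            findings.append((name, "unfamiliar-extension"))
    return findings

def link_findings(msg):
    """Flag links whose visible text names one host while href targets another (exact host match)."""
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for href, text in ANCHOR.findall(html):
            target = _norm(urlsplit(href).hostname or "")
            shown = HOSTLIKE.search(re.sub(r"<[^>]+>", "", text))
            if shown and _norm(shown.group(1)) != target:
                findings.append((_norm(shown.group(1)), target))
    return findings

def sample_message():
    """Constructed sample: a 'verify your account' email with two attachments."""
    m = EmailMessage()
    m.set_content("Please verify your account.")
    m.add_alternative('<p><a href="https://login.example.net/verify">www.example.com</a></p>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    m.add_attachment(b"%PDF", maintype="application", subtype="pdf", filename="report.pdf")
    return m
```

Because hosts are compared exactly, a link to a different subdomain of the same organization is also flagged; treat findings as prompts for the manual checks described above rather than as verdicts.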
Internet security and safety need to be prioritized. Keep yourself and your employees educated and up to date on malware trends, and keep guidelines available for reference. Especially if you’re in an office setting, it’s easy to check verbally with a co-worker whether they actually did send you an email. Always try to confirm in person or over the phone after getting a request to wire money. Spending an extra minute and being cautious could potentially save your business from a cyber attack.
If you think your business needs more cyber security, contact us to see how we can help.