As more and more of our personal information is digitized, the significance of cybersecurity is steadily growing. Ransomware, phishing, and other malicious software are becoming more frequent and more dangerous. Forbes reports that American businesses lose approximately half a billion dollars a year to phishing scams, as well as priceless time and resources fixing the damage caused. Ransomware is also a massive issue (and grossly underreported). It is the malware of choice for hackers, accounting for 60% of malware payloads, yet businesses are often quiet about ransomware attacks in order to protect their company’s reputation.
Whatever the exact numbers are, it’s of utmost importance for businesses to have proper security against malware. Just as important is for employees to be properly educated about how to identify malware and prevent cyber attacks. McAfee, one of the leading software security companies, reported in 2015 that 97% of consumers could not identify phishing emails. And while users are slowly getting smarter, so are online criminals. It’s no longer safe to trust an email just because you know the sender, or to click on a link just because it starts with “https”.
Here are several fundamental guidelines that can help your business stay safe:
- NEVER click on an email link or attachment unless you’re 100% sure where the link leads or what the attachment is, even if the email seems to come from a known source. Phishing often works by deceitfully using a name or email address from someone in your contacts. It is also possible that the sender’s PC was compromised by a virus that is sending emails to everyone in their address book.
- Manually enter the website URL in a new tab if you’re uncertain about a link’s authenticity. Many phishing emails pose as trusted companies and prompt you to follow a link in order to validate your email or other information. Instead of following the link they provide, go to the website manually and check whether it actually needs you to validate something.
- Stay vigilant for irregularly worded or formatted emails. If the subject line or the body of the email seems unusually vague or incomplete, DO NOT OPEN THE ATTACHMENT OR CLICK ON LINKS, even if you recognize the sender. Double check with the sender through alternate means to ensure authenticity.
- Avoid clicking CANCEL on a pop-up window, always close the window by pressing X on the top right corner. Any button on the window itself, including buttons like “cancel” or “not interested” may actually be a disguised link that will download a virus.
- Exercise caution and avoid blindly following instructions from a pop-up. Many malicious pop-ups pose as, or claim to be affiliated with, trustworthy companies. They’ll often instruct you to either call a certain number or go to a certain website. Always look up the phone number or website yourself rather than risk getting scammed.
- Always ensure that the website’s URL matches the organization’s domain name. A quick look at your browser’s address bar to confirm that the domain is the organization’s own name and known web address is an easy way to spot malicious sites.
- If an offer appears too good to be true, it likely is. Be vigilant and do proper research before accepting an offer. Enticing deals are a common way scammers can get your information.
Risks Associated with Email Attachments
One of the most common ways computer viruses and worms spread is through email attachments, causing massive security breaches. If these attachments are opened, they can give hackers complete control of your machine and launch attacks on other machines. The malware can also send copies of itself, under your name, to every email address it finds in your contacts. Malicious software (malware) like this has crippled personal machines, email servers, businesses, government networks, and countless other organizations.
Just because you may consider yourself tech-savvy doesn’t mean you can be careless. Cybercriminals constantly devise innovative tactics for attacks.
Here are a few guidelines that will help you stay safe from malicious attachments:
- Refrain from opening attachments if the email appears suspicious, even if the message is from a user you regularly exchange emails with. Things to look out for are vague or incomplete subject lines or message body, several unexpected messages from different people with identical subject lines, or any other irregularity.
- Avoid opening attachments with uncommon icons or extensions. Most attachments you receive probably fall into a few recognizable categories: Word (.doc), Excel (.xls/.xlsx), PowerPoint (.ppt), PDFs, and the like. Attachments with unusual icons or extensions (like .pif, .scr, or .exe) should not be opened without first thoroughly verifying their safety.
- Don’t open unexpected attachments and/or attachments from strangers. Generally, if a malicious attachment is not opened or viewed, it cannot infect your computer. If you know the person who sent the email, but weren’t expecting them to send you an attachment, contact them and confirm that they sent it before opening.
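The two guidelines above that can be checked mechanically, matching the link's real destination against the organization's domain and refusing attachments with unusual extensions, are shown here as an added Python triage example (not code from the original article); the sample message, the sender and host names in it, and the extension list are constructed for illustration.

```python
import os, re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse
# Extensions the article singles out as unusual; a real policy list would be longer.
RISKY_EXTENSIONS = {".pif", ".scr", ".exe"}
# Constructed sample: the link text shows the bank's address, the href points elsewhere,
# and the attachment hides a .scr behind a .pdf.
SAMPLE_EMAIL = """\
From: "Example Bank Support" <support@example-bank.com>
Subject: Urgent: verify your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Verify at <a href="http://example-bank.com.login-check.example.net/verify">https://www.example-bank.com/verify</a></p>
--b1
Content-Disposition: attachment; filename="statement.pdf.scr"

AAAA
--b1--
"""
def _host(url: str) -> str:
    """Hostname of a URL (scheme optional), lower-cased, leading 'www.' removed."""
    host = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def risky_attachments(msg: Message) -> list[str]:
    """Attachment filenames whose final extension is on the risky list."""
    return [name for part in msg.walk()
            if (name := part.get_filename())
            and os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS]

def mismatched_links(msg: Message) -> list[tuple[str, str]]:
    """(visible URL, real href) pairs where the shown host is not the real host."""
    pairs = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8")
        for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.S):
            if "." in text and _host(text) != _host(href):
                pairs.append((text, href))
    return pairs

def triage(raw: str) -> dict:
    """Run both checks over a raw RFC 5322 message and report what was flagged."""
    msg = message_from_string(raw)
    return {"risky_attachments": risky_attachments(msg), "mismatched_links": mismatched_links(msg)}
```

Both checks flag the sample: the attachment's real extension is .scr, and the link's host is a lookalike that merely begins with the bank's domain.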
Phishing Scams
A phishing scam involves perpetrators sending emails that appear legitimate. They usually appear to come from a well-known and trustworthy organization or website in an attempt to gather personal and financial information from the recipient.
There are two common types of phishing scams:
- An email containing an urgent request for personal information. You’ll be asked to respond to an email with account information, DOB, SSN, and the like in order to prevent immediate closure of your account. These emails can even be personalized.
- An email containing a link and a request to verify your account. Even if the link appears to take you to a valid website, it may be a counterfeit site designed specifically to mimic the real one and capture your information. Unless you are expecting a verification email (i.e. you requested to change your password or username), never click on the link even if it seems legitimate.
ANY EMAIL ASKING YOU TO DIRECTLY RESPOND WITH SENSITIVE INFORMATION, OR ASKING YOU UNPROMPTED TO VALIDATE CERTAIN INFORMATION, IS ALMOST ALWAYS A PHISHING ATTEMPT.
Your bank, the IRS, or even Netflix will NEVER ask you to send things like credit card information via email. An easy solution is to open another tab, go to the website the email is claiming to be sent from, and check your account that way. If there actually is a problem with your account, you will be able to take care of it safely. If everything looks fine, then congratulations! You just successfully avoided getting phished.
Prioritizing internet security and safety is essential. Keep yourself and your employees educated and up to date on malware trends, and keep guidelines available for reference. In an office setting, you can easily verify an email’s legitimacy by asking a coworker verbally. Always try to confirm in person or over the phone after getting a request to wire money. Spending an extra minute being cautious could save your business from a cyber attack.
If your business requires additional cybersecurity measures, contact us to see how we can help.
Sources:
https://blog.barkly.com/ransomware-statistics-2017
https://www.comparitech.com/blog/vpn-privacy/phishing-statistics-facts/#gref