As we know, there are many types of cyberthreats, all of which can be harmful to your business. Understanding the different types of threats and having the appropriate preventative and reactive measures in place is key for all businesses to mitigate risk.
Cyberthreats are caused by vulnerabilities. Most software will have a vulnerability – a security ‘fault’ or ‘hole’ – at some point in its life due to incompatibility with the operating system for example, or simply the way it’s built. It’s worth noting that the vulnerabilities themselves are not an issue, but it’s these that viruses take advantage of; vulnerabilities allow access to PCs and Servers.
Once cybercriminals have taken advantage of the vulnerabilities and gained access, the results can be wide ranging, from harvesting personal data, usernames, passwords and bank details, to encrypting data for blackmail purposes. Many viruses can run on a machine without the end user even knowing. Human error is typically the cause and starting point of the spread of the infection. Here’s what your end users can look out for to prevent the spread of infections.
Phishing, or mass spamming, campaigns are emails that appear to be genuine that are sent to hundreds or thousands of different people. They’ll encourage you to click on an illegitimate link or download something that will then cause an infection. These emails are designed to look genuine so can be very difficult to spot. Users can click on the sender email address; if it doesn’t match the person signing the email, then you can safely delete the email.
Spear phishing has the same aim as phishing – to get the user to open a link or download something which will cause a virus. In contrast to phishing, spear phishing uses personal information in order to create a targeted email. The information they use might be openly available on the web or social media accounts for example.
We’re increasingly sharing more and more of our lives publicly and on social media. Unfortunately, this makes it easier to find the information needed for spear phishing attacks. In a similar vein, each time there’s a data breach, personal information is leaked onto the web. For example, the information of every Yahoo account holder was leaked in 2016. Most of the accounts were dormant so many didn’t take much notice, however the information that was leaked included timeless security questions and their answers (where you were born, your mother’s maiden name etc.). Breaches like this make it easy to construct a convincing spear phishing message.
Last year, we witnessed many ransomware attacks including the WannaCry attack on the NHS. Ransomware encrypts users’ data and then demands a payment to decrypt it. The payment amount generally rises the longer the payment is left and if no ransom is paid, the data will be deleted. The payments are normally made using BitCoin, a virtual currency. When a payment is made, the data will typically be deleted and restored back to its original location, but there is no guarantee that that will be the case. The cybercriminals could demand further payments for example.
There are many types of cyberthreats, but just a handful of protective measures can protect you against them all.
We offer IT Support Contracts. For one monthly charge we can provide and manage everything that you’ll need to keep your infrastructure safe. We proactively monitor your entire infrastructure for you, often dealing with issues before users even realise. As part of our IT Support Contracts, we use the following products:
ESET Endpoint Security – an antivirus solution that detects and eliminates all types of threats with low resource usage, and cross-platform protection.
Clunk Click Online Pro – backup your data to secure offsite datacentres. Data is encrypted at source, in transit, and at rest for complete security. Restore your data easily in the event of data loss.
Mako – a network router with a firewall controls the traffic that’s allowed in and out of your network. It allows you to access the internet safely with a low chance of spurious links and traffic.
Office 365 – Office 365 has inbuilt security features to keep your data safe, as well as additional products such as Advanced Threat Protection which detects and detonates any spurious links or attachments.