Responding to the wrong email could spell disaster... Caroline looks at ways to prevent this happening in your company.
The recent ransomware cyber attacks brought chaos to companies across the world. Small to medium-sized firms will often be the target for criminals, because the criminals believe their chances of defeating security and gaining access are higher. Once in, they can use compromised email accounts to phish contacts, customers and suppliers, and so attack larger, potentially more valuable organisations that have a relationship with the SME.
As many as 1 in 10 individuals will fall victim to phishing attacks via email and unwittingly allow criminals access to unsecured networks.
Because the phishing email is personalised and appears to come from a recognised contact, many of these beat email security and are delivered to the inbox. Not expecting an attack, the recipient unknowingly opens the email and downloads an attachment, clicks on a link or enters passwords, releasing malware or ransomware onto the device and across the system.
Criminals are getting more and more sophisticated with their attacks and they only have to get lucky once.
So what should I look out for in emails?
Look very carefully and ask yourself: do you know this person, and is this their usual email address?
You should always give your email a meaningful subject and expect to receive the same. Does the subject contain spelling mistakes, or excessive punctuation? Is it irrelevant or poorly written?
Fraudulent emails will typically ask you to take an action, such as downloading an attachment or visiting a website. Be wary of emails that ask for personal information; a phishing email usually carries a sense of urgency.
Be wary of links in emails that could take you to a malicious website posing as a normal-looking one.
Attachments can transmit viruses, so open them only when you are expecting the email.
You should periodically change your passwords, and make them tough to guess. Use letters, numbers and symbols if allowed.
Check that security training is included in any induction process. It is important to explain phishing to reduce the risk of being caught by a cyber attack. Always be alert, follow the news, and think before clicking links and replying to emails.
Shop only on websites with https and the padlock icon showing in the address bar.
When making purchases, use a credit card rather than a debit card, as you are more likely to be reimbursed for fraudulent transactions.
Back up all your data regularly in case of loss, theft or ransom demand. Be careful when using Wi-Fi in cafes, hotels etc.: ask the staff who work there to make sure it is the genuine network. NEVER make purchases over an open network, and remember: if it sounds too good to be true, it's likely to be a scam.