A Phishing Expedition

Cyber attacks begin with infiltration. Without access to your network, most hackers would fall well short of their goals, be it stealing sensitive data or holding files hostage. Unfortunately, even the strongest security protocols are no match for the careless or uneducated user. Phishing entices individuals to click on links or open attachments armed with malware. For small businesses, emails and employee activities online are the typical phishing entryways. With promises of money, entertainment or titillation, phishing scams appeal to human nature and inquisitiveness. However, giving in to curiosity can come with devastating consequences, including financial ruin and even civil and criminal liability.

For hackers, the end game with any phishing attempt involves manipulating a user to perform a certain function. Sometimes all that’s needed is a bit of spyware combined with snooping to capture login information. Sophisticated cyber criminals often depend on social engineering to steer their target towards the payload. With “spear phishing,” hackers target specific individuals using social media, including Facebook profiles and LinkedIn accounts. By capturing personal information about their intended victims, cyber criminals can create much more effective email attacks by mimicking a trusted source.

Hackers on the Go

While all types of mobile devices are vulnerable, the most susceptible phones and tablets use an open source operating system, like Android. Because an open source operating system allows programmers and developers to access and modify system software more easily, these devices can end up infected by hidden viruses and malware. Currently, the most typical attack involves ransomware that locks down a mobile device’s data, but in the future, an unsecured mobile device could open the door to a more extensive attack on a connected network.

Another real threat involves the Internet of Things (IoT). Every smart gadget, be it a thermostat, a lightbulb, or a kitchen appliance, provides hackers with one more entry point into your network. Personal assistants, like the Amazon Echo, can also allow cyber criminals to easily access your system. Unfortunately, many of the smart products marketed to consumers do not include any built-in security protocols. As a result, small businesses should make sure to follow standard security protocols, including password protection and firewalls.

Smart gadgets and mobile devices expand the security perimeter of your network beyond its physical footprint. Additionally, if your employees access your network to perform tasks associated with their job, any sensitive data they access becomes portable, and thus vulnerable to third-party infiltrations. Establishing a comprehensive mobile device management strategy that addresses both physical security (passwords, location services) and user awareness (phishing, ransomware) is essential. One option involves installation of mobile device management software, which allows your IT provider to remotely locate and wipe a lost or compromised device before the threat ever reaches your network.

Don’t Take the Bait!

The hacker’s most valuable tool is time. With enough resources and sufficient motivation, one or more cyber criminals can launch endless attacks against a network. While comprehensive security protocols like antivirus software and firewalls can create a seemingly impenetrable perimeter, one errant click on a link or infected attachment is all it takes to bring down your entire system. To reduce exposure to fraud and phishing attacks, small businesses should make sure anyone accessing the system receives a thorough education on how to avoid typical phishing attacks.

Generally speaking, the first hint of a phishing attack is any email sent by an unknown source. Also highly suspicious is any email promising a cash payout, or with language designed to convince a recipient to open an attachment or download. If the email demands immediate action or requests personal data, that correspondence should also be flagged. Employees can also help by double-checking the email addresses of the potential scammer for misspellings or other suspicious wording. Grammatical mistakes and spelling errors should also serve as a warning, since most professional correspondence is proofread before it is sent. Finally, even a trusted source can be compromised, so any email that includes a confusing request or uncharacteristic language should be treated with caution.
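The warning signs above can also be checked automatically before a message reaches an inbox. The following is an added example, not part of the original article: a small Python triage function that flags unknown senders, near-miss spellings of known sender domains, payout language, urgency, requests for personal data, and prompts to open or download something. The known-domain list, phrase lists, and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this business already corresponds with (constructed).
KNOWN_DOMAINS = {"example.com", "examplebank.com"}

# Constructed phrase lists for the content warning signs named above.
PATTERNS = {
    "cash_payout": r"\b(cash|prize|payout|lottery|reward)\b",
    "urgent_action": r"\b(immediately|urgent|act now|within \d+ hours?)\b",
    "personal_data": r"\b(password|social security|account number|date of birth)\b",
    "open_or_download": r"\b(open the attach\w*|download|click (here|the link))\b",
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of known domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_email(raw):
    """Return the sorted list of warning signs found in one raw email message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = set()
    if domain not in KNOWN_DOMAINS:
        flags.add("unknown_sender")
        # A domain one or two characters away from a known one is likely a lookalike.
        if any(edit_distance(domain, k) <= 2 for k in KNOWN_DOMAINS):
            flags.add("misspelled_sender_domain")
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    for name, pattern in PATTERNS.items():
        if re.search(pattern, text):
            flags.add(name)
    return sorted(flags)

# Constructed sample messages.
PHISH = ("From: Billing <alerts@examp1ebank.com>\nSubject: Urgent: verify your account\n\n"
         "Act now and confirm your password within 24 hours to claim your cash reward.")
BENIGN = ("From: Dana <dana@example.com>\nSubject: Lunch on Thursday\n\n"
          "Are we still on for noon?")

if __name__ == "__main__":
    for sample in (PHISH, BENIGN):
        print(flag_email(sample))
```

A message from a known domain with no flags can still come from a compromised account, so a clean result here does not replace the caution described above.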

Defend Your Ground

Because the best defense involves a well-executed offense, the best way for small businesses to protect their data and devices is to implement the kind of responsive and comprehensive security offered by a Managed Service Provider (MSP). By partnering with an MSP, small businesses can take advantage of the latest advances in database management, cloud storage, and network security.

We all know hacking and cyber-crime continually evolve, becoming more and more complex and difficult to defend against. Unfortunately, no one technology can provide complete threat protection on its own. That’s why at Makios, we deploy layered network security to stay ahead of the evolving threat landscape with a suite of powerful security services. Visit our website today for more information about our comprehensive security protocols, including firewall and antivirus protection, Intrusion Prevention Systems (IPS), Advanced Threat Protection, SSL/IPsec VPN solutions, and more!