As our world becomes more and more connected through digital advances in technology, it’s no secret that the dark side of business is also growing and becoming more and more lucrative. While companies continually innovate to help connect people, others innovate to develop malicious ways to attract and infringe upon our privacy.
Here, we’ll go over some of the top trending cybersecurity threats to watch out for in 2021 and tips on how to help prevent falling victim to cyber bullies.
Phishing is still among the top ways cyber criminals get their hands on your sensitive information. This method is by far a favorite because of the high volume of people interacting through electronic communication such as email.
Your employees receive a very high number of emails throughout the week. Most of the malicious ones are caught by spam filters and other types of email protection. These filters do not catch everything, however, and sometimes an employee falls victim by clicking on a malicious link in an email that looks like it came from an established business they frequent.
All an attacker needs to gain access to your company’s sensitive information is for one employee of your organization to make a mistake. That information includes employee details such as dates of birth, social security numbers, login details to your internal systems, etc.
What measures should you use to try and minimize phishing threats?
- Train your team to spot suspicious emails. Emails from a legitimate institution don’t usually contain spelling mistakes, and they address you by your first or full name, not just “Dear user.”
- If you’d like to make sure the communication is legit, you can try calling the official institution to inquire about said email. This is especially true if it comes from a credit card company or your bank.
- Your company’s IT representative can offer solutions such as anti-phishing browser extensions and add-ons so you can feel safer while using your company’s internet.
Smishing (SMS based)
While regular email phishing attacks still reign supreme, text-message-based phishing attempts (also called SMishing) are gaining tons of traction. Why?
Well, while email service providers get more and more sophisticated at weeding out phishing attempts, anyone can still send anyone a text message. All the attacker needs to do is pose as the victim’s bank and include a shortened URL. The victim will click the link and usually fill out sensitive details.
Some ways they try to get information out of you are:
- Your “bank” asking you to provide card details or to confirm your security number.
- A “delivery” service asking you to confirm shipping and order details.
- An “entertainment” service provider asking you to confirm payment details.
How can you avoid falling for SMishing attacks?
- A financial institution will never ask you to fill out online forms with sensitive information. You can confirm this by not clicking on anything, deleting the message and contacting them via phone directly.
- Watch out for general language, such as “Dear sir/madam”.
- Never click on links through random messages. Contact the institution via official phone numbers.
PDF scams work very similarly to phishing scams. The former, however, don’t ask unsuspecting victims to click on anything. Instead, they ask you to download a PDF of whatever they are trying to convince you is legit. Some attackers try to convince you that these are updated privacy policies, balance statements for your financial institution, coupons, press releases, etc.
Scammers are well aware of articles like these, warning people to never click on suspicious links. They are also aware that they need to constantly try new scamming methods since technology and people in general quickly catch up to their tactics.
What many people don’t know, however, is that by downloading these PDFs they let the scammers install malware on their computer. This malware behaves like tiny spiders that crawl around your computer and send sensitive information back to your attacker.
In the workplace, emailing PDFs back and forth all day is common. Most of your employees won’t think twice about opening an email and downloading a PDF attachment to their hard drives. Hackers know this, and PDF scams are their newest way of trying to exploit this behavior.
Tips to avoid PDF scams
- You should train employees to be cautious about opening emails with attachments from outside of your organization, especially if they’re not expecting said email.
- Most scammers use generic language. Watch out for emails using “Dear customer”.
- Have your IT representative keep your antivirus software up to date and install email filters to avoid bigger issues.
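The warning signs from the tips above (a generic greeting, and a PDF attachment from a sender outside your organization) can be checked automatically by an email filter. The sketch below is an added example, not code from the original article; the `example.com` domain, the greeting list, the function names and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: your organization's mail domain
GENERIC_GREETING = re.compile(  # assumption: greetings named in the tips above
    r"^\s*dear\s+(user|customer|sir\s*/\s*madam|sir|madam)\b", re.I | re.M)

def triage(raw, org_domain=ORG_DOMAIN):
    """Return warning flags for one raw message. The From header can be
    forged, so this is a triage aid, not sender authentication."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    external = not sender.endswith("@" + org_domain)
    body, has_pdf = [], False
    for part in msg.walk():
        if part.is_multipart():
            continue  # container part, no content of its own
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/pdf" or name.endswith(".pdf"):
            has_pdf = True
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            body.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    flags = []
    if GENERIC_GREETING.search("\n".join(body)):
        flags.append("generic-greeting")
    if external and has_pdf:
        flags.append("external-pdf-attachment")
    return flags

def build_sample(sender, body, pdf_name=None):
    """Build a constructed sample message (not real mail) as a raw string."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "alice@example.com"
    m["Subject"] = "Updated privacy policy"
    m.set_content(body)
    if pdf_name:
        m.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                         subtype="pdf", filename=pdf_name)
    return m.as_string()

if __name__ == "__main__":
    print(triage(build_sample("Your Bank <notice@bank-secure.example>",
                              "Dear customer,\nPlease open the statement.",
                              "statement.pdf")))
```

Flagged messages are best routed to quarantine or tagged with a banner for the recipient rather than silently dropped, since legitimate external senders also attach PDFs.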
Malware & Ransomware
Malware and ransomware attacks will still be the top non-phishing-related threat in 2021. This is especially true for small organizations and businesses. Why are they targeting small businesses?
Hackers know that every business today keeps its data on servers that are connected to the internet. All they need to do is to gain access through one of many people who may be connected to perform the attack.
Malware can affect a business in numerous ways. It can cripple your system, bringing it to a freezing halt. It can hinder your clients from being able to log on and use the services you provide them. Attackers can maliciously delete all of your content or, worse, steal it.
How do you avoid malware and ransomware attacks?
- The most common vulnerability for a small business is outdated software, hardware, drivers and other components. Ensure your IT consultant keeps your hardware and software up to date.
- Only run software when absolutely necessary. If you don’t need to run your software, close it to minimize risks.
- Remove outdated software and invest in newer technology to keep up with the newest security patches. Outdated, or “legacy” software can be a big security risk.
Database exposure can become a huge problem for a company of any size. It is exactly what it sounds like: a hacker has gained access to your database.
Most companies keep a huge amount of information in databases today. Hackers can steal a wealth of information from your databases such as names, phone numbers, emails, addresses, financial information, health information, identity information and a lot more.
Leaked data can become dangerous because hackers have more “legit” information to form a very sophisticated attack on unsuspecting victims. For example: let’s say a hacker was able to retrieve names, phone numbers, emails and dates of birth from your database. The hacker can then create a more “realistic” mass email which includes names and dates of birth.
People are more likely to click on scam links because the email they receive from, let’s say, a “bank” looks a lot more legitimate.
How do you stave off database exposure?
- Ensure your IT admin is using the latest technologies to set up database firewalls and web application firewalls.
- Less is better. The fewer connections (usernames and passwords) you provide, the lower your chance of being infiltrated.
- Create backups on a continuous basis and always encrypt your data on the server.
Cybersecurity has never been more critical. The world yearns for more connectivity. The world is rapidly going more digital, and sometimes at a rate where we can’t keep up.
JTD offers a wide variety of cybersecurity services from protection and prevention to threat detection and recovery. Contact us today to see how we can help your business be safer in 2021.