Compared to large businesses, small and medium-sized businesses are at a greater risk of being attacked because they lack the extensive security measures and policies needed to prevent these attacks.
This article covers the four most common cyber-attacks and offers expert tips on how to avoid them.
Despite being one of the oldest forms of cyber-attacks, email phishing is still alarmingly successful. Research shows that it accounts for 80% of all cyber-attacks.
What is email phishing? Typically, this is an attack that occurs when someone poses as a trusted source, for instance, a colleague. This person sends a malicious email that tricks you into downloading malware or giving away vital data.
There are two kinds of email phishing, namely spear phishing and whaling. Spear phishing is more targeted compared to whaling, in that it is designed to target a specific user. Hackers usually do tons of research about an individual on their social media profile or company website before sending out an email.
One of the best-known examples of spear phishing is the attacks on Hillary Clinton’s presidential campaign in 2016 (BBC Report), where staffers received emails with links to a document dubbed ‘Hilary Clinton’s favourable ratings.’ Anyone who opened it was redirected to a site that stole their personal data.
Whaling is much like spear phishing, but instead of the email coming from a colleague, it comes from someone senior.
Businesses can avoid email phishing by:
- Training their employees on how to spot emails from dubious sources. Teach your employees how to scrutinise email addresses and their contents. Mostly, scammers use poor English, and their emails are likely to have plenty of grammatical mistakes. Also, they are not likely to address you by your name and might refer to you as ‘friend’ or ‘colleague’.
- Using the latest software to deal with any malicious links and prevent phishing emails from reaching users.
- Backing up data to avoid losing everything in case a hacker erases or interferes with it.
- Avoiding giving out sensitive business or personal information.
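The checks an employee is asked to make by eye (scrutinising the sender's address and spotting an impersonal greeting) can also be automated at the mail gateway. The sketch below is an added example, not part of the original article; the domain `corp.example`, the 0.8 similarity threshold and the indicator names are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr

TRUSTED_DOMAIN = "corp.example"  # assumption: the company's own mail domain
GENERIC_GREETING = re.compile(r"^\s*(dear|hello|hi)\s+(friend|colleague)\b", re.I | re.M)


def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw_message):
    """Return the names of the warning signs found in one raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    from_domain = domain_of(msg.get("From"))
    # Sender domain that is nearly, but not exactly, the company domain.
    similarity = SequenceMatcher(None, from_domain, TRUSTED_DOMAIN).ratio()
    if from_domain != TRUSTED_DOMAIN and similarity >= 0.8:
        found.append("lookalike-domain")
    # Replies would go to a different domain than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        found.append("reply-to-mismatch")
    # Greeting that avoids the recipient's name ('friend', 'colleague').
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and GENERIC_GREETING.search(body.get_content()):
        found.append("generic-greeting")
    return found


# Constructed sample messages (not real mail).
SAMPLE_SUSPICIOUS = (
    'From: "IT Helpdesk" <helpdesk@c0rp.example>\n'
    "Reply-To: helpdesk@mailbox.invalid\n"
    "Subject: Document for review\n"
    "\n"
    "Dear colleague,\nPlease review the attached document.\n"
)
SAMPLE_NORMAL = (
    "From: Alice <alice@corp.example>\n"
    "Subject: Meeting notes\n"
    "\n"
    "Hi Bob,\nNotes from today are attached.\n"
)

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_SUSPICIOUS))
    print(phishing_indicators(SAMPLE_NORMAL))
```

None of these signs proves an email is malicious on its own; they are best used to add a warning banner or route the message for review.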
Malware is short for malicious software. It refers to software that can easily access, destroy, or disrupt your computer without your knowledge.
Malware can be used to spy on you, delete files, or install more malware on your computer. Spyware, viruses, and trojan horses are all types of malware that could potentially infect your computer when you:
- Open email attachments that contain malware.
- Download software that contains malware.
- Open links or click pop-up windows that might cause malware to start downloading.
- Visit an infected website or blog.
To avoid malware:
- Invest in anti-malware software and keep it up-to-date.
- Always scan physical media such as flash drives before using them to ensure that they are not infected.
- Avoid clicking suspicious links and adverts.
- Encourage employees to use up-to-date browsers that block pop-up windows.
Although ransomware is a type of malware, we’ve put it under a different category, primarily due to its slightly different approach. This type of malware, instead of just infecting your computer, also encrypts your files. This, in turn, allows an attacker to hold your data hostage and demand a ransom to restore access to the data.
Ransomware might access your computer using the following methods:
- Email phishing whereby you open an attachment in an email. Once you download and open the file, it ends up taking over your computer as most ransomware files have built-in tools that trick you into allowing administrative access.
- Exploiting security gaps in your network and infecting your computer without needing to trick you into allowing administrative access.
Individuals and businesses alike can prevent ransomware by:
- Installing antivirus software that detects malicious programs and software.
- Keeping their operating systems up-to-date and patched to seal off any security loopholes that hackers might exploit.
- Avoiding giving software any administrative permissions unless it is from a trusted source.
- Backing up files and all data to minimise the effect of ransomware attacks.
See our article on ransomware for further information.
Watering hole attack
A watering hole attack is also a malware attack. In this attack, the attacker’s aim is to compromise an end-user or a group of end-users by infecting a website that they visit regularly. The most common targets of watering hole attacks are employees of large enterprises and government entities.
Usually, an attacker identifies and profiles their target to determine the sites that they visit regularly. The hacker then looks for vulnerabilities in these sites and injects malicious code into them. The chief goal is to infect the site then gain access to a company’s data and network once the target visits the site on a work computer.
Though watering hole attacks are not that common these days, they are dangerous because they are harder to detect. Thus, they can expose your business to considerable data theft and damage.
Businesses can prevent watering hole attacks by:
- Educating their employees about the existence of such attacks.
- Blocking traffic to all websites that they discover to have been infected.
- Configuring browsers to make it easy to notify users about “bad” websites.
- Regularly inspecting the popular websites that employees visit for malware.
In addition to these measures, bigger businesses should consider bringing in cyber-security specialist recruiters to help with the process of employing cyber-security experts for the business, which will in turn help to keep systems secure and safe. Having an expert makes it easy to monitor the most visited sites, as well as the company’s network, for any vulnerabilities that hackers might exploit.
It can be quite challenging to eliminate all cyberattacks. However, by investing in cybersecurity software and employing security experts, your company can avoid almost all dangerous attacks.
Educate your employees about the cyber-attacks discussed above, as well as how to avoid them. Also, always set aside a budget for cyber-attack prevention, which you can use to buy antivirus software, and take other security measures.