Cyber security is no joke in the modern world of business. There are new technological innovations almost daily, which lead both individuals and businesses to want to get their hands on the next big thing. While it is exciting to try to keep up to date with technology, most people do not give adequate consideration to how they use it, which makes it easy for malicious parties to exploit various vulnerabilities.
Therefore, there are many stories that you have probably heard about major corporations and their technology getting hacked, resulting in heavy losses. Statistics go a long way in proving that human error is at the center of most of these successful attacks, and misinformation or a lack of information is usually the top culprit in these scenarios.
Consider the fact that hundreds of attacks are launched at businesses daily and most of them require someone inside a business to make an erroneous decision for them to be successful. It is statistically proven that cyber-attack damage can be reduced by up to 70% just by having individuals who are informed and who know what kind of signs to look out for. Therefore, to ensure that your workforce is armed with the correct information, here are the most common cyber security attacks and how you can identify and avoid them.
Phishing is arguably the most popular attack in the world today. These attacks function in a similar manner to fishing. In a manner of speaking, malicious parties throw out a lure, and there is no success unless an unsuspecting individual takes the bait.
E-mail is the medium used for phishing attacks. During these attacks, users receive an e-mail containing a link that unleashes malicious software when clicked. The body of the e-mail attempts to get the user to click on the link by using familiar information to convince them. This may be a fake e-mail address that closely resembles a CEO's address, a bank's logo that resembles that of the user's preferred bank, etc.
Incorrect e-mail addresses, incorrect spelling, wrong company information, and a sense of urgency to get you to click on links are some of the telltale signs of a phishing e-mail. Avoid clicking on links without verifying with the supposed sender first, and remember that banks don't ask you to e-mail them your account number and credit card information.
The idea behind social engineering is to get you to divulge sensitive information about your business by asking targeted questions designed for that purpose.
This is typically done over the phone, and the attacker pretends to be someone you can trust. For example, someone you don't know may call and state that he is your "IT guy" without giving a name. He may then name-drop someone such as your CEO and say that he needs some information. If your instincts tell you that a request is a little weird, trust them. Do not pass on any sensitive information unless you are certain who you are speaking with and you know that this person has the right to access the information that is being requested.
This one sounds like something out of a movie, but it is a real threat. This is where malicious individuals gain physical entry to your business. In a business with a key card system, for example, someone you don't recognize may tell you that he/she left his/her card at home and then ask you to let him/her in. Another form of this is where an unknown person strikes up a conversation with you or slides into an existing conversation, and then asks sensitive questions.
The intentions can be varied here as the aim could be anything from placing an infected USB drive in a PC to getting information to prepare for a phishing attack. Be wary of unknown persons and don’t let anyone in your building using your pass.