Your business relies on emails every day – and that’s exactly why scammers target them. Email has become an essential tool for any successful business, but as the saying goes, "with great power comes great responsibility".
As a business owner, it’s your responsibility to make sure your emails are secure. It’s one of the key ways to stop your business data falling into the wrong hands. Business Email Compromise (or BEC) is a growing threat. And if you become a target, it could cost you – big time. So, what exactly is a 'BEC attack'? In simple terms, it’s where scammers pose as people high up in the business, like CEOs, executives, and IT staff. The goal is to trick your employees into sharing sensitive information or sending money. Research shows that nearly 90% of BEC attacks are set up this way. It’s easy to see how someone might quickly respond without a second thought, especially when they trust the sender. BEC attacks have spiked dramatically this year, especially over the third quarter. Researchers have analyzed 1.8 billion emails worldwide, discovering a shocking 208 million malicious emails among them. And of these malicious emails, more than half (58%) were BEC attempts. The figures make it clear: BEC scams are now the biggest email threat to businesses. Another thing worth noting? Most BEC scams target employees lower in the business, who might be less likely to question authority or be less aware of cyber threats. Although BEC attacks are common, it’s also important to remember that scammers still use other methods too. This includes commercial spam and phishing attacks, which are designed to trick people into sharing personal information, like login details. In fact, the combined effect of these types of scams now overshadows traditional ransomware and malware attacks. Luckily, it isn’t complicated or expensive to protect your business. Simply make sure that all members of your team are trained to think twice about every email they receive. If an email asks for sensitive information or a financial transaction – especially if it feels urgent – your employees should know to stop and check with someone before they action anything. If you need help making sure your business is secure, get in touch. What’s easy to overlook but could leave your business open to cyber attacks? Unused logins. Yep, something as simple as failing to delete an old account could have serious costs for your business… When someone leaves your business, you might be so wrapped up in the rush of everyday tasks, you forget to delete their login details.
It’s easy to overlook. You’ll get around to it later, right? But unused login details could be a ticking time bomb for security breaches, leaving the doors wide open to cyber criminals. It can also be an unnecessary drain on your budget if you’re paying for old subscriptions you no longer need. A recent report found that almost half of businesses had accounts that were no longer actively managed. If you’ve forgotten about an account, you’re not monitoring it. And this leaves your business vulnerable to attacks. These risks aren’t just hypothetical, either. Many cloud security breaches happen because unused login details and accounts have been compromised. So, what do you need to do? Take the time to audit all accounts and login details used by your business. Make sure you no longer have accounts open for ex-employees (and check that their access has been fully revoked, not just left inactive). Even if you outsource your I.T., it's important to let your Managed Service Provider know when an employee has been terminated (I.T. folks may be magic, but we're not mind readers!). The same goes for any software or service that you’ve stopped using in your business. You might not realize you’re still paying for a service you haven’t touched in months – or even years. Going forward, make sure you have a clear process for when people leave, and regularly review the applications and services your business uses. If you’re not sure where to start, let us help you perform a security review and make sure you’re not leaving your business exposed to unnecessary threats. Get in touch. Microsoft is warning business owners that trusted cloud storage services are being hijacked to trick you into handing over your data. Microsoft is warning business owners about a new type of phishing scam (where cyber criminals pose as a trusted source to trick you into giving away login info), which uses popular cloud services like SharePoint and OneDrive. Although these platforms are usually safe, scammers have figured out how to trick privacy settings to get past security checks.
The scammers hack your cloud storage by stealing your login details or buying them on the black market. Once they get inside, they upload a file that is designed to look authentic – like a fake Microsoft 365 login page. They set the file to “view-only” or limit access to specific people, such as you and your team. Opening these files or following any links inside the emails could cause serious damage to your business. Scammers can use your information to access your systems, or they can install malware (malicious software) that lets them cause disruption and steal information. Recovering from these kinds of attacks can be expensive and time-consuming – not to mention the damage it could do to your business’s reputation. Make sure your employees are aware of this new threat and know to be cautious when opening emails, even if they appear to come from a trusted company or individual. Before opening any shared files, double-check the sender’s identity. If something feels off, contact the sender directly to verify it. However, do not contact the sender by directly replying to the suspicious email. We strongly recommend calling the sender and speaking with them over the phone. Make sure you use multi-factor authentication (MFA) across all your team’s devices. This adds an extra layer of security by requiring a second piece of information (like a code sent to your phone) along with your password. Also, keep your security software up to date so that it’s always ready to block the latest types of attack. Would you like our help protecting your business with added security, training, and monitoring? Get in touch. Your business data is backed up and recovery tools are in place. So, your data is safe, right? Sadly…not always. Here’s why we recommend backups are checked regularly. A third of all data loss is caused by problems with backups.Losing access to your business’s data – even temporarily – is a nightmare worthy of a horror movie.
Data backup tools create copies of your data and store them in a safe place. If something goes wrong, recovery tools will use these copies to restore your lost files. So, if your business already uses backup and recovery tools, you’d think your data is safe… but this isn’t necessarily true. A new report shows that some backup tools aren’t always as reliable as they should be. In fact, a third of all data losses are caused by backup-related issues. When people try to recover data, they discover it’s been lost or corrupted. It’s not just corrupted backups that you should be aware of. One of the biggest threats to businesses right now is ransomware. This is a type of malicious software (or "malware") that locks you out of your files unless you pay a ransom to regain access. The report found that half of businesses using backup tools still ended up paying ransoms to retrieve their files, because it was faster than trying to use their own recovery tools. Even worse? Only a small number of businesses that paid ransoms were able to fully recover their data. Backup tools are supposed to keep your data safe, so why are they unreliable for so many businesses? Often, it’s because they haven’t been set up properly. And even when they are, they still need to be verified regularly to make sure they are still backing up your files. Also, older backup and recovery tools can’t always keep up with today’s sophisticated cyber attacks. Setting up and maintaining a reliable backup system can be complicated. IT experts (like us) can make sure your tools are running correctly every day. We can also put in place extra safeguards such as continuous data protection (CDP). This constantly saves changes to your files, allowing you to go back in time and restore your data as it was just before an attack or loss. This is something we do for businesses like yours every day. If you’d like to discuss our Managed Backup Services, get in touch today! The technical rules have recently changed. |
Tech Force BlogWe provide you with important, practical tips and insight for your technology and networks for both home and business. Archives
December 2024
Categories
All
|