March 6, 2021
As companies continue to try and figure out what the modern office looks like in a post-COVID world, cybersecurity should remain a top priority for businesses of all sizes. Cyberattacks increased by 400% under COVID-19, with ransomware remaining one of the most popular tactics. Ransomware involves locking companies out of their own systems and demanding payment in exchange for returning access.
Though ransomware has often been viewed as a threat for larger companies, the rise of Ransomware as a Service (RaaS) has put smaller businesses in equal danger. RaaS allows people of all technical levels to purchase or license hacking programs that perform ransomware attacks on unsuspecting businesses. Those utilizing RaaS often target small businesses, as they typically have weaker defenses.
In order for a ransomware to work, however, the program first needs to gain access to your systems. The most common way of doing this is through “phishing”. Phishing is a tactic that attempts to trick people into providing sensitive information such as usernames, passwords, etc. It is most commonly dispersed through emails that pretend to come from a legitimate source.
Phishing can be used to deliver a variety of cyberattacks.
Despite being around since the 1980s, phishing is more popular than ever. Today’s phishing attacks can be very advanced, tricking countless people into providing valuable information.
Modern Phishing Schemes
With more and more people working from home, many phishing scams have specifically targeted those isolated from coworkers and IT managers. In the early months of the pandemic, approximately 2500 fake Zoom-related domains were registered. Hackers and malware programs would then send phishing emails from these domains, trying to trick people into clicking harmful links or provide sensitive material.
A more specific type of phishing attack is called “spear-phishing”. Spear phishing utilizes someone’s personal information that has been mined from other sources. This could include your name, the names of friends or coworkers, and even past passwords that have been compromised.
Email isn’t the only method of phishing. Phishing schemes also use automated voice messages in an effort to steal information over the phone. You should always be very wary of providing sensitive information such as a bank account number or social security number over the phone.
Text message and social media phishing attacks have also become increasingly popular as well.
Protecting Against Phishing Schemes
Arguably the first and most effective defense against phishing is employee education. By training your employees to look out for various tactics, you can empower them to avoid scams altogether. They should know what modern phishing emails look like. They should be trained to take steps such as verifying the address that an email came from before clicking links or providing information.
Still, with how sophisticated modern phishing attacks are becoming, it’s only a matter of time before someone makes a mistake. After all, human error is a major contributing factor to 95% of all breaches. This is why you need other defensive measures in place as well.
Enabling multi-factor authentication is a good place to start. Even if a scammer gains access to your credentials through phishing, they won’t be able to use it without authorization. There are ways around this, however. Additionally, multi-factor authentication won’t prevent malware programs from being downloaded onto devices.
Ultimately, you need a fully-formed cyber strategy to truly keep your business protected against today’s threats. This includes action protocols, risk-based management, automated backups, and more. At Expedient Technology Solutions, we provide cybersecurity and disaster recovery services that keep your business prepared for whatever might happen. Our IT consultants in Dayton, Ohio can also assist in creating strategies and educational materials for your employees.
Our services are designed to be scalable, providing your business with what you need while helping you avoid unnecessary expenses. Keep your business safe from phishing and other cyberthreats. Contact Expedient Technology Solutions today!
Want to learn more about how you can protect your remote workforce in 2021? Make sure to register for our free webinar on remote workforce security by clicking the button below.