If your company is afraid of cybercrime, it’s important to understand the bigger picture first. Cybercriminals will infiltrate your system for three reasons:
- To invade your privacy.
- To compromise the trustworthiness of your data.
- To deny access to information.
Once you understand their motives, familiarize yourself with the tactics criminals use to infiltrate your system, like phishing, malware, ransomware, identity theft, and scams. To better understand cybercriminals and how to notice, prevent, or fix an attack, we’ve prepared the following overview. Know how to protect yourself against costly attacks on your confidentiality, integrity, and availability.
Common Types of Cybercrime
1. Confidentiality – Invasion of Privacy
Your company doesn’t have to be in health care or financial services to hold data that’s considered private or valuable. Cybercriminals will monetize your:
- Employee information
- Customer records
- Contact lists.
They’ll extract any valuable data, from email addresses to Social Security numbers. Some of this information can be monetized right away, but often your data is sold to others who compile it with data from other sources. In this way, criminals build a more sophisticated attack.
Intellectual property like designs, drawings, plans, trade secrets, and know-how is a valuable commodity to those who want to attack your competitive edge.
Cyber security and privacy are external and internal concerns. Just as you need to protect information from outsiders, create policies that guide internal access to information in a way that protects your company from harm. We can show you how to protect your data at all access points.
2. Integrity – Compromises to the Trustworthiness of Your Data
You don’t hear as much about data manipulation crimes as you do about confidentiality breaches, but as hackers become better at entering systems, the risk of this type of cybercrime is increasing. The motivation behind an integrity attack can be:
- To compromise decision making.
- To damage the company’s reputation.
- To commit fraud that will result in monetary gain.
Examples of attacks on data trustworthiness might include:
- Changing the destination for invoice payments or payroll deposits.
- Hijacking communications systems such as email or social media to make unauthorized messages or transactions.
- Modifying data that will change the outcome of a situation.
Entry might occur when an employee uses unsecured methods to access company email and files. Other times someone inadvertently downloads malicious code that opens a door to the intruder. By educating your staff and putting safeguards in place, you can protect yourself against these types of cyber security breaches.
3. Availability – Denying Access to Your Information
Sometimes hackers will target information in an availability attack, and other times their goal is access to a machine or network. Perform a Google search for “hospital hacked” and you’ll find a disturbing trend. While hospitals are a big target, the use of ransomware for extortion is not limited to the healthcare field.
By threatening a denial-of-service (DoS), or holding data hostage, a hacker can demand a ransom payment. If you don’t pay, they can disrupt your operations and damage your company’s reputation or ability to do business.
With the increasing number of devices connected to the internet, from smartphones to manufacturing machinery, hackers have an ever-growing list of targets for malware and availability assaults. You might believe you’re immune to attacks, but small businesses are easy and frequent targets. We can help your business reduce its vulnerability to availability attacks by protecting the patches and ports in your network.
Common Cybercrime Tactics
Now that you know why cybercriminals may be attacking your system, here are some common ways hackers try to obtain your data, along with ways to notice, prevent, and recover from attacks.
Phishing attacks are the most common security breaches. Cybercriminals use email, social media, or other forms of communication to steal data or gain access to networks.
Common email phishing scams embed a link in an email that redirects an employee to a website that asks for sensitive information. We’ve all been warned not to put a password into sites we’ve been directed to via email. But during a hassle-filled day, how many of us remember?
How to Protect Your Business from Phishing Attacks
- Train employees.
- Reset passwords.
- Use spam filters.
- Increase login security.
Employee training helps with this one. After training, some companies even test employees by using a product that sends fake phishing emails to staff and reports how many were opened. This type of program can help you gauge how effective your training is and help you to refine programs to be more interactive for your staff.
Putting protective measures in place is also important. Ensure that all passwords are reset regularly and that they’re sufficiently complex. Use spam filters to recognize emails from suspicious sources and prevent them from ever reaching employee inboxes.
Deploy a web filter to block malicious websites and encrypt all sensitive company information. You could even disable HTML email messages. Deploy two-factor authentication to prevent hackers who might have one form of user credential, such as a password, from gaining access to a website.
Using a proactive IT firm to set up and manage your safeguards can be a huge relief for small businesses that already have enough on their plates.
Malware is an abbreviation of “malicious software.” It refers to software that is specifically designed to gain access to or damage a computer. The term encompasses a broad swath of cybercrime tactics. Types of malware attacks include:
- Trojan horses
Any of these can infiltrate a computer and send information stored in the company network back to cybercriminals.
How to Prevent Malware Attacks
- Determine if your machines are already being compromised.
- Stay on the lookout for future attacks.
- Protect your systems against malware infiltration.
Educate yourself and be aware of how malware or a botnet will manifest in your environment. For example, you won’t see your computers slow down, as infected computers were prone to do in the past. Today’s malware knows to do its work when the computer is idle, without calling attention to itself. So, when all is quiet, there could be an issue.
A good way to determine the presence of an attacker is to scan outbound communications records to find communications to suspicious domains. Look at your DNS server to see if you have outbound requests to websites that end in .ru or .cn. Unless you’re doing a lot of business with companies in Russia or China, communication with those countries should be investigated. A huge percentage of malware comes from them and frequent communication with sites in those countries is a strong sign your IT equipment may be compromised.
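The DNS review described above, as an added example that is not part of the original article: it counts queries per internal client to domains under the two TLDs the article names, skips allowlisted business domains, and tallies off-hours lookups. The log layout, the allowlist entry, the business-hours window, and all sample lines are assumptions constructed for illustration; a hit is a lead to investigate, not proof of compromise.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an assumed export layout (not any real server's format).
SAMPLE_LOG = """\
2024-05-01T02:14:07 client=10.0.0.23 query=sync.placeholder-one.ru. type=A
2024-05-01T02:19:07 client=10.0.0.23 query=sync.placeholder-one.ru. type=A
2024-05-01T02:24:08 client=10.0.0.23 query=SYNC.placeholder-one.RU type=A
2024-05-01T09:30:41 client=10.0.0.40 query=portal.known-supplier.cn type=A
2024-05-01T10:02:15 client=10.0.0.40 query=www.example.com type=A
2024-05-01T23:55:00 client=10.0.0.51 query=files.placeholder-two.cn type=AAAA
malformed line without fields
"""

LINE_RE = re.compile(r"^(\S+)\s+client=(\S+)\s+query=(\S+)\s+type=(\S+)$")
WATCHED_TLDS = {"ru", "cn"}         # the two TLDs the article names
ALLOWLIST = {"known-supplier.cn"}   # hypothetical domain with a known business reason
BUSINESS_HOURS = range(8, 18)       # assumed 08:00-17:59 local time


def registered_domain(name):
    """Last two labels of a name; a simplification that ignores multi-label suffixes."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def review_dns_log(text):
    """Return {(client, domain): {"count": n, "off_hours": m}} for watched TLDs."""
    hits = defaultdict(lambda: {"count": 0, "off_hours": 0})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # skip lines that do not parse
        ts, client, query, _qtype = m.groups()
        domain = registered_domain(query)
        if domain.rsplit(".", 1)[-1] not in WATCHED_TLDS or domain in ALLOWLIST:
            continue
        entry = hits[(client, domain)]
        entry["count"] += 1
        if datetime.fromisoformat(ts).hour not in BUSINESS_HOURS:
            entry["off_hours"] += 1
    return dict(hits)


if __name__ == "__main__":
    ranked = sorted(review_dns_log(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for (client, domain), stats in ranked:
        print(f"{client} -> {domain}: {stats['count']} queries, {stats['off_hours']} off-hours")
```

Repeated lookups from one workstation at regular intervals outside business hours, as with the first client in the sample, fit the article's point that today’s malware works while the machine is idle.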
Take action to prevent future attacks by ensuring all your computers on a network aren’t running the same operating system. Reinforce to employees the importance of staying away from suspicious websites and not clicking on email attachments. An IT service provider can assist with all of these efforts and help monitor your network for signs of potential malware.
Ransomware, often spread through email attachments, is a type of malware. But unlike other malware, which self-destructs or flies under a company’s radar, ransomware attacks will alert users that their data has been compromised. What’s the logic? As the name implies, ransomware creators profit by holding your data hostage. The attacks can lock devices and render them useless until you make an online payment. Or they lock you out of your data until you pay the ransom specified by the attacker in return for access to your own data.
How to Prevent Ransomware Attacks
- Establish best practices.
- Update antivirus software.
- Install software patches.
You’ll also want to regularly update your antivirus software. Not too long ago, people updated their antivirus software once a month. Now, it should be at least hourly, but bigger firms often update constantly because things develop that quickly.
And don’t forgo the endless routine of installing software patches to mend holes through which botnets and malware could slip. If you’re unsure where to start or feel overwhelmed, a proactive IT provider can enact practices to keep ransomware from impacting your business.
Identity theft is a well-known cybercrime tactic, but employees can still find themselves vulnerable. This, in turn, makes their employers vulnerable, as well. Identity thieves gain access to an employee’s personal information and use it to their own ends.
How to Protect Your Business from Identity Theft
- Train employees.
- Reset passwords.
- Filter email.
Many of the practices used to combat phishing attacks work here, too, because phishing is the ultimate form of online identity theft.
Cybercriminals can send emails that seem as though they’re from an employee’s colleague or business contact. Ensure employees never email personal or financial information, even when they know the recipient. Employees should never give any type of business information via the internet whether on a website or by email.
Scams are carried out through email, social media, and mobile apps. On social media, scammers pose as people’s friends or make up profiles, gain trust, and ask for pertinent business or personal information.
Consider placing all social media sites behind a firewall. This can be hard to do if employees need access to certain social media sites, like LinkedIn, for work.
How to Protect Your Business from Online Scams
- Educate employees on existing scams.
- Never email sensitive information.
- Send weekly reminders.
Ensure employees are familiar with the latest scams. Some of them appear to be from social media sites like Facebook or Twitter and claim an employee’s account has been closed or canceled. The email provides a link to click on to reinstate the account. Clicking on the link gives cybercriminals enough information to hack into accounts or can install malware onto a computer.
Another scam seems to be from executives or another employee in your company and asks for sensitive information like W-2 or wage statements. If the person receiving the email thinks it’s real, the cybercriminal gains access to employees’ personal information and your business information.
Other scams look like emails from shippers and claim to offer tracking information for a package sent to an employee. Click on the link in an email and a virus is loaded onto the computer, smartphone, or tablet the employee has used to access email. Such a virus can capture every keystroke to get username, password, and sensitive business information.
The scams may change, but the takeaway is simple. You can apprise employees of current scams, but the bottom line is they shouldn’t click on any link or open an attachment in an email they weren’t expecting. You may need to send out weekly reminders.
Cybersecurity is Our Business
Assess your risk for cybercrime. Consider the information that you use and store in your business. What damage would you suffer if you were the victim of a confidentiality, integrity, or availability cyber attack?
Undoubtedly, security is not just an IT concern. It’s a business concern. The reason why many companies fall behind in this area is that they lack expertise.
Managed IT Service Providers, like Thriveon, partner with companies to supply the cybersecurity expertise and technology tools that thwart the growing threat of cybercrime. We can take the burden and fear of cybercrime off your company with a customized IT strategy that is aligned with business goals.