Categories
Technology

Phishing Attacks In The Real World

 

When was the last time you almost lost $23,000 to a phishing email? This nearly happened to one of our clients this week. Fortunately, this phishing attempt was spotted before the funds were transferred, however, there are a few good lessons to take away from this story and we want to educate you so you can protect your company from these sorts of attacks.

“Bob’s Company” received an email at Accounting@Bobscompany.com. The email was from Bob@Bobsscompany.com.

The email wrote:

“Good Morning,

Please pay the attached invoice in the amount of $23,000.

Thank you,

Bob”
For the accounting manager, this was business as usual. The boss regularly sends requests to the accounting department to have bills paid. At a glance, there is nothing wrong with the email but in this instance, the tone of the email was unusual which caused for further investigation.

This phishing attempt was sophisticated enough to the point where the scam artist even took the time to forge a signature on the attached invoice that matched Bob’s signature. Fortunately, the accounting manager double checked with the boss before processing the transaction. What’s scary is just how close the accounting manager came to processing the payment which is a mistake any one of us could make. If they weren’t paying attention or were just in a hurry, anything could have happened.

What’s important to take away is just how predictable we are. Most companies operate the same way with similar departmental and communication structures. If this wasn’t true then social engineering scams wouldn’t work. This was a close call for just one company and it isn’t hard to believe that whoever sent this email has sent thousands of them and likely got paid on a handful.

These types of attacks are becoming more prevalent than any other because they are cheap, easy and work on businesses of all sizes. “Bob’s Company” is a small business, not a behemoth company that you surmise a hacker would go after. Small businesses are easy targets from a hacker’s perspective because many of them do not invest in security and user training like large companies do.

Some actionable steps you can take to avoid falling prone to this type of attack are:

  1. Avoid using departmental emails like Accounting, Payroll or HR. This lets the hacker know that they are sending the phishing email to the right person making it more likely for the email to have the hackers desired effect.
  2. Use regularly changing keywords when sending requests for a transfer of funds. Change this keyword every month and instruct your staff never to transfer funds without the keyword in the email. This is a really low tech solution but it works. These attacks are intended to trip you up when you aren’t paying attention. The majority of attacks never involve someone spying on your network and learning your passwords and company secrets. Simple though it may be, this is an effective form of two-factor authentication.
  3. Use free spoof phishing tools like KnowBe4 to test your employees to see who is likely to click on phishing emails. Invest in those employees by training them on what to watch out for.

We are living in an ever-developing world where cybercrime is global, the barrier to entry is low and we humans are the weak link in the chain. Since cybercrime has such low risk and high reward these scams will become more frequent and sophisticated. Businesses will have to adapt to these changes and develop strategies to protect their resources. It is important to consult with your IT partner to learn how you can train your employees and set up security measures that will prevent this coming wave of cybercrime.

Categories
Technology Training

Harden Employees Against Ransomware With KnowBe4

Are you curious to see who in your company is most likely to download a virus on your network? Well now you can find out and the best part is, its free. With KnowBe4 you can administer a range of free tools that will allow you to see which of your users is most likely fall for phishing emails.

The sad truth is that some people will click on anything that comes across their email inbox. This is how most network infections start. Till more recently, there hasn’t been a lot anyone could do to prevent this. KnowBe4 allows you to find those trouble users and train them so that this major hole in your network can be filled.

From a compliance standpoint, KnowBe4 offers actionable data that will allow you to show your HIPAA or PCI compliance officer that you are taking actions toward due diligence.

As an IT company, we do our best to prevent major disasters with layered security involving anti-virus, managed firewalls, Office 365 spam filtering, security permissions and most important, great backups. Even with all of these security measures in place, there isn’t a foolproof method to ensuring that a few phishing emails won’t slip by unnoticed. We rely on backups to get our clients up an running quickly but even under the best of conditions, it is still better for the virus to have never been clicked on to begin with.

For a small investment in time, you can’t afford to not use these great free tools from KnowBe4. Take a few minutes to watch our new video on how to get started with KnowBe4 and harder you users against malicious emails.

Categories
Technology Training

Learn how to use a VPN

You may have heard of, or even used, a virtual private network (VPN), but do you know what it is? A VPN is an encrypted tunnel through a wide area network (WAN), also known as the Internet. This means that the network does not have to be located in one physical location, unlike a local area network (LAN). By using encryption and other security measures, a VPN can scramble all the data sent through the WAN, so the network is “virtually” private. In other words, a VPN allows you to access the files on your local network over the internet from an airport, coffee shop or another country, and you will be as secure as if you were sitting in your office.

Businesses commonly use VPNs to communicate across multiple locations. A large company that has offices in several cities may need to send data between their locations via the Internet. To keep the information secure, the company will set up a VPN with an encrypted connection, effectively giving the company a secure intranet over the Internet.

In this video, we will show how you can download one of the many VPN services on your computer. Once downloaded, we will show you how to set up and use this tool. Although there are many VPN options to choose from, most of them work the same way. If you are going to be traveling for work, or need to work from home or a coffee shop, it is important to send and receive sensitive data over a VPN. Otherwise, you are opening a direct access to all of your company’s sensitive information, and risk a security breach. For more information, or if you would like to set up a VPN for your company, contact eTop today.

Categories
Technology

Data Backup Verification Audit

You’ve likely heard more than enough times that you need to backup your data. This is what every software vendor and IT partner will preach to you from day one. They’re right, of course, but there could still be potential problems. How do you really know that you have backups? You may have a backup appliance, and you may be under the impression that you have all of your data in the cloud, but do you really? How can you know for sure?

data backup verification

Making the assumption that your data is backed up just because you have an attached storage, or because you are paying for a hosted backup solution, has gotten many businesses into trouble. The truth is that backups fail, and they fail frequently. Backups are a service that requires attention and maintenance, and if you neglect it, it will fail you. This is a risk that you cannot afford to take.

As an IT company, we work with many new customers who come to us because they have lost data, even though they were under the impression that their data was backed up. As a result of this, we offer free data verification audits that will show you exactly where your data is and what to do if it is not backed up. If you can say that you don’t know where your data is, we encourage you to contact us today to schedule a free data backup verification audit.