Jason Fry, Managing Director at PAV i.t., discusses how businesses can protect themselves from cyberattacks, as social engineering becomes an increasingly bigger threat.
One of the most prevalent threats currently facing the business community is human naivety in the face of increasingly sophisticated and elaborate social engineering scams. It’s no longer about simply obtaining banking or credit card details but gathering the right information to enable fraudsters to dupe their targets in a more intricate and elaborate way.
Inadequate email protection
The most vulnerable area for companies is the loss of information through either the neglect or inadequate protection of email when collating customer information, which makes accessing information easier for fraudsters. If scammers are able to gather this information they can use it to dupe customers for monetary gain via ‘spear-phishing’, a process used by a fraudster which involves imitating emails so recipients believe it is from someone they know.
Employee awareness and education
Both companies and their customers need to be educated about the issues which arise from human naivety. Employees most at risk because of the nature of their job, such as staff able to authorise payments or cash transaction should be operating a two-layer authentication process to help eliminate breaches, a username and password and the additional backup of a randomly generated personal identification number (PIN) for every new transaction they process.
Adequate email protection
Using employee data from easy to obtain information sources such as LinkedIn can make it incredibly easy for fraudsters to gain access to company emails. Businesses can reduce their exposure to such risks by ensuring end users are only able to access the data they need and immediately removing access to systems the moment someone in the business leaves.
Sharing experiences
Businesses would benefit greatly from an online community where they can share their experiences of cyberattacks but unfortunately the subject still remains much of a taboo amongst business communities that don’t wish to admit to falling foul of a security breach.
Upcoming threats
Ransomware – a form of malware, which typically propogates itself as a trojan, systematically encrypting files on a system’s hard drive, rendering it impossible for users to access or unlock devices without paying a ransom – is predicted to be a major upcoming threat to businesses, as well as the wider economy, with the potential to cause unprecedented disruption.
A robust security policy needs to not only include the traditional protection of systems, such as anti-virus and firewall software, but also iron clad processes should be adopted and communicated effectively to staff to prevent information from being leaked and to reduce the likelihood of customers becoming victims of duping scams.
For more information about PAV i.t. services, please visit www.pav.co.uk