Jun 13, 2023 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
Now that Generative AI (e.g. ChatGPT) is here, phishing attacks may increase both in number and sophistication. How do businesses protect themselves? Awareness is a good first step, but gathering data using a security information and event management system (SIEM) is even better. Read on to learn how SIEM along with education and awareness training can reinforce your company’s efforts to prevent phishing attacks and resulting malware. What is SIEM? Security information and event management (SIEM) combines two separate systems to not only gather information but develop rules to help analysts understand what occurs in your company’s network. Security information management involves the gathering, monitoring and analysis of security-related information across different computer logs–including email applications. Security event management is involved in helping respond to incidents. SIEM brings the two functions together – the strong log-keeping functions of SIM with the response capabilities of SEM. The information is put together in a standard format, then aggregated and analyzed, helping IT professionals prioritize their threat response. Since SIEM can be outsourced to managed service providers (MSPs), it is possible for small to medium-sized businesses to afford it and not have to hire extra staff. SIEM and Phishing Attacks The security operations center of an average organization can receive tens of thousands of threats, and some can receive ten times more. What’s a small or medium-sized business to do? How do they know they are victims of a ransomware attack until the damage is already done? Security information and event management has the capacity to gather and analyze information about user authentication attempts, separating normal logins...
Apr 5, 2023 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
Cyber attacks, including phishing attacks, seem to always be in the news these days. Ransomware, malware, data breaches, all are on the rise, with several high-profile attacks in recent years. Even more recently, the failure of the Silicon Valley Bank might promote spoofed bank websites and bank communications as attempts to gain access to company networks and personally identifiable information. Read on to learn more about the dangers of phishing attacks as well as how to recognize and prevent them. The Consequences of Phishing According to a 2021 CISCO report, many cyber attacks happen by way of fraudulent emails (and sometimes texts) wherein malicious actors masquerade as legitimate individuals or entities to get confidential information or to infect networks with malware. The sender of the email seems to be a legitimate sender, perhaps from a well-known company, or business the company has interacted with before. They may include an attachment appearing to be a PDF, or a URL in the body of the email. According to CISCO, nearly 90% of data breaches stem from phishing attacks, the majority of these attacks coming via email. Losses from these attacks are expected to reach $10.5 trillion by 2025–and the losses are not only financial. In addition to penalties for failing to comply with data protection regulations and loss of money through theft, reputational loss is a serious consequence. People’s dependence on technology for conveniences like e-commerce and gathering information online makes it easier for phishers to craft an email that appears genuine. How do you recognize what a phishing email looks like, and train your workers to...
Oct 18, 2021 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
Many threats to your network abound, and often ransomware, malware and viruses enter your network through social engineering, or “phishing” emails. Read on to learn the extent of the problem and how you can keep your business from being affected by these threats. Phishing a Growing Threat Social engineering attacks, including phishing, are among the greatest threats to individual users as well as small to medium-sized businesses. Even though giants like Google and Facebook get the headlines, small to medium-sized businesses are not immune. Anyone and everyone can be a phishing target, and these attacks often come through email, something people use every day. A malicious actor sends an email (perhaps appearing to be from someone the recipient knows), trying to get confidential information like passwords or trying to insert malware in the network. According to a CompTIA State of Cybersecurity report, it can cost $1.85 million to remediate a ransomware attack. Often these attacks come through spam emails and contain dangerous links that, when clicked on, can introduce malware to your system. Spam emails, in fact, account for most of the ransomware attacks. In spite of the prevalence of phishing, many users are not aware of the risk; as many as 13.6% of recipients click on the link. How to Prevent Phishing Emails from Becoming Attacks In spite of such daunting statistics, there is good news–more awareness about the dangers of phishing scams. Many companies are consistently and systematically training their employees, and those with more than eleven campaigns per year (on average, one a month), have a low click-through rate, only 13%. This...
Jan 17, 2019 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
According to a recent CompTIA report, even though people know what to do to avoid security breaches, they don’t always put this knowledge into practice. Employees can, however, take advantage of cybersecurity training in the workplace, learn to change passwords frequently, and implement other safeguards. How to Identify a Phishing Scheme The mouse arrow can be pointed at a suspected link exposing information you can use to identify an untrusted source. Another clue to be on the lookout for is a misspelling in the ‘reply to’ email address of the email. Third, hackers may use attachments that appear to be trusted (e.g., .txt or .doc) to try to get personal information. Inspect the extension of the attachment to ensure they do not include “.exe” as this may launch a cyber attack as an executable program. Be Aware of Spear Phishing Spear Phishing is a form of social engineering designed to get you and your employees to divulge specific privacy information by using relevant and trusted information to influence your behavior. This could include banking, vendor, customer or other familiar information to trick you into providing account, password and other privacy data. Similar to phishing, these same clues can be a help in avoiding “spear phishing” attacks. You may also consider reaching out to customers, vendors or employees to authenticate an email’s source before taking action. Monitor Your Network and Use Security Information and Event Management Technology to Cyber Attacks There are many options to monitor your network for intrusions. Network monitoring can identify unauthorized access, unauthorized network login attempts, unexpected network traffic in terms of volume or time of...
Jan 9, 2019 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
The more technology advances, the more businesses must be aware of security breaches and hacker attacks. Where are hackers likely to strike in 2019, and how can you protect your business? Read on to learn more about new and existing cyberattacks to avoid. Toll Fraud Likely to Threaten Businesses Toll Fraud is an emerging cyber threat to watch out for. Toll fraud may happen when an attacker accesses your phone system to make fraudulent calls, possibly by posing as a new customer, placing calls (including expensive long-distance calls) directly from your business’s phone lines — on your dime! Cybercriminals may target businesses with in-house phone systems, rather than ones with Voice over IP (VoIP) systems. Toll fraud can be recognized and prevented through monitoring of a VoIP system. Be on Look out for Phishing Schemes Phishing typically uses emails to lure your employees into clicking on links that download malicious software (Malware). In addition, Phishing schemes may also get your employees to share internal information including passwords, confidential information, privacy information, financial information, patents and more. Educating your staff on how to recognize suspicious links and report them is your first line of defense. Ransomware is Everywhere Employees can also introduce Ransomware to your network, that can travel to all attached devices including your server. Once infected, you will be held ransom to regain access. If you pay, you are likely to be targeted again. Avoid ransomware by having strict policies to prevent thumb drives, guest PCs and other non-compliant devices attaching to your network. Having a reliable backup of your systems is a way to rapidly recover without...