Posted on Leave a comment

Stop! And think, before you act on that email

How many times a day do you respond to an email without really thinking about its contents?  

Maybe it’s a request for some information. Perhaps it’s asking you to pay an invoice. All mundane stuff. But no sooner than you’ve hit send, you’ve fallen victim to a Business Email Compromise (BEC) attack.

A BEC attack occurs when a cyber criminal gains access to your business email account and uses it to trick your employees, customers, or partners into sending them money or sensitive information. They do this by impersonating someone senior, and abusing their position of trust. 

It might sound like something that only happens to big corporations, but that’s not the case. 

According to the FBI, small and medium-sized businesses are just as vulnerable to BEC attacks as larger ones. In fact, these attacks have cost businesses more than $26 billion over the past few years.

And Microsoft brings more bad news, with its recent findings showing that they’re getting both more destructive and harder to detect.

So, what can you do to protect your business from BEC attacks? Here’s our advice:

1.     Educate your employees: They are the first line of defense against BEC attacks. They need to know how to spot phishing emails, suspicious requests, and fake invoices. Train them regularly on cyber security best practice, like strong passwords, multi-factor authentication, and secure file sharing.

2.     Use advanced email security solutions: Basic email protections like antispam and antivirus software are no longer enough to block BEC attacks. You need more advanced solutions that use artificial intelligence and machine learning to detect and prevent these attacks in real-time. Look for email security providers that offer features like domain-based message authentication, reporting, and conformance (DMARC), sender policy framework (SPF), and DomainKeys Identified Mail (DKIM).

3.     Set up transaction verification procedures: Before transferring funds or sensitive information, establish a verification process that confirms the authenticity of the request. This could include a phone call, video conference, or face-to-face meeting. Don’t rely on email alone to confirm these types of requests.

4.     Monitor your email traffic: Regularly monitor your email traffic for anomalies and unusual patterns. Look for signs like unknown senders, unusual login locations, changes to email settings or forwarding rules, and unexpected emails. Make sure you have a clear protocol in place for reporting and responding to any suspicious activity.

5.     Keep your software up to date: Ensure that you’re always running the latest version of your operating system, email software, and other software applications. These updates often include vital security patches that address known vulnerabilities.

BEC attacks are becoming more common and more sophisticated, but with the right awareness, training, and security solutions, you can protect your business.

Don’t wait until it’s too late – take action today to keep your business safe.

If you want to know more about how to protect your business from cyber threats, our team is always ready to help you. Give us a call. 

Posted on Leave a comment

Is your business data at risk? Don’t take chances with old tech

When you replace old computers or external drives, do you delete data and then just… get rid of them?

You could be putting your sensitive data at risk.

A new study by a data recovery specialist shows that millions of deleted files can be recovered from improperly wiped hard drives that are sold online.

It’s not just buyers who can access your old files. Cyber criminals often buy used hard drives and attempt to recover data from them. This could include anything from confidential business information to client details.

It’s easy to forget about old data when you’re excited about shiny new technology. However, it’s important to consider what’s on that old drive before selling it or disposing of it.

Even if the drive is encrypted, it’s still possible for data to be recovered. And if the drive is damaged, there’s a chance that some of the data is still salvageable. It’s better to be safe than sorry when it comes to sensitive information.

Think about it this way: Would you leave important documents lying around for anyone to see? Of course not! Your digital information deserves the same level of protection.

So what can you do to protect yourself?

Don’t let your old hard drives become a liability. Take the time to have them properly wiped or destroyed before disposal. If you’re upgrading hardware, consider hiring a professional to handle the data transfer and ensure that your old devices are wiped clean.

This isn’t just about protecting yourself. It’s about protecting your employees, clients, and anyone else whose personal information you may have stored on that old drive.

It’s a small investment to make for the peace of mind that comes with knowing your data is safe from prying eyes.

Don’t take chances with your data – take action to protect it:

  • Properly wipe or destroy old hard drives
  • Bring in a professional for your hardware upgrades
  • Upgrade your overall security practices

Published with permission from Your Tech Updates.

Posted on Leave a comment

Here’s how cyber criminals try to hack your accounts while you sleep

Have you ever felt frustrated by the flood of notifications from your multi-factor authentication (MFA) app?

Well, cyber criminals have too. And they’re taking advantage of “MFA fatigue” to try to gain access to your sensitive business data.

MFA is essential for keeping your data secure. It adds an extra layer of security to your apps and accounts by asking you to verify your identity in two or more ways, such as a password and a code sent to your phone.

The constant alerts can be overwhelming though.

Attackers know this and will bombard employees – sometimes in the middle of the night – with a constant stream of MFA notifications. Which makes it more likely someone will authenticate a login attempt through frustration, tiredness, or just to get the notifications to stop.

But now there’s a new weapon in the fight against MFA fatigue.

Microsoft Authenticator has introduced number matching as a way of making sure your MFA notification is from the correct login attempt, preventing cyber criminals from taking advantage of notification fatigue.

How does number matching work?

When you receive an MFA notification, the app will display a randomly generated number. You then need to input this number to authenticate the login attempt and prove you’re not a cyber criminal trying to access your business data.

That’s not all. Microsoft Authenticator also allows for biometric authentication, which means you can use your face, fingerprint, or other unique physical features to prove your identity and combat the threat of MFA fatigue attacks.

With these security measures in place, your business can stay ahead of cyber criminals and keep your sensitive data better protected.

If you already use Microsoft Authenticator, number matching is ready to use. Simply make sure your app is up-to-date, and you’ll be protected.

If you use another MFA system and want to look at how to make your security better or easier, we can help. Get in touch.

Published with permission from Your Tech Updates.