cybersecurity

Security Brief – What is Malware and How to Fight Back against It?

It is an unfortunate fact, but cybersecurity is now a serious consideration for every company. Gone are the days when security was something that happened to someone else. Now, security awareness is as much a part of the company culture as the coffee break. Why is this so? Well, the massive increase in cyber-attacks in the last 5-10 years is one reason. Versions of malware, the malicious version of software that causes infections like ransomware, just keep on rising. We must now ensure that employees are taught awareness and how to guard against being exploited by cybercrime.

Are You Prepared Against Cyber Threats?

How does your company overcome a challenge like cybersecurity? This question confuses and disturbs businesses of all shapes and sizes today more than ever before. Don’t we almost every day seem to read stories of such companies that have suffered the consequences of not having sufficient measures in place to protect themselves? It is estimated that the average cost of a cyber threat will be over $ 150 million by the end of 2020, with the global annual cost forecast to be $ 2.1 trillion! And as we are well into this year already, it is indeed proving to be a challenging year. However, the more difficult the challenge, the greater the reward is. We are all aware of the four categories that frame the future of cyber warfare at the organizational level – Employee Training, Hardware Drones, Connected Devices, and Active Defense. We must act mindfully as individuals and as an organization to ensure cyber criminals have no opportunities to take advantage. So how do you make sure not to become the weak link that opens the door to malicious activity in your organization? Be aware of malicious payload campaigns An example of a malicious payload would be receiving an email asking you to click on a link. Clicking on this link would then download a file to the target system (yours) and install software that could be malware, ransomware, or even open a backdoor, allowing the malicious actor to access your system where they will then work to gain access to critical systems and files. Never fall for Fake Invoices sent via email or text You receive an email stating the sender is having a hard time either getting the invoice to the proper location or getting the invoice paid. A PDF or other file is attached, possibly titled “Invoice XXX”, the file can be many things. A credential harvester will attempt to gain access to user credential information, malware, ransomware, etc. Credential Harvesters Credential Harvesters can take the form of emails or messages stating you need to log into your account and verify your information. The message will have a link and will even take you to a site that looks completely legitimate. Always go to the actual URL for the website and never click on a link. This is what the malicious actor is expecting you to do to gain access. Ultimately, companies worldwide should identify any vulnerability that exists within their IT infrastructure. If your company is still using old, outdated technology as part of the IT systems, much of this can be exploited by cybercriminals looking for an easy target. As a result, it is imperative you take the necessary steps wherever possible to maximize defenses or have extra preventative measures in place to deter any hopeful attackers. Cybercriminal is always evolving and testing methods to gain access. All that is needed is for one individual to let their guard down and fall victim to an attack. DO NOT BE THAT VICTIM! Well, indeed, we can’t completely stop cyber criminals from trying to wreak havoc; however, it is entirely within the power of any business to reduce the overall impact of cybercriminals’ actions through proactive efforts. Is your organization being proactive enough? Keep the above safety measures in your mind, stay secure, and make your organization a highly protected one.

Why Education Remains a Critical Piece of the Cyber Security Puzzle

If you owned a store in town and someone asked you how you plan to protect it, you would probably refer to traditional security measures. Chances are you have a security guard, video surveillance, and an alarm system managed by a third party. All of these help you to keep the premises safe, but what about cybersecurity? Without securing your wireless and online (technology-based) platforms, even a company’s surveillance footage can become compromised and erased eliminating video evidence of any crime taking place at the business. When it comes to contact center cybersecurity, the focus is primarily on protecting consumer and client data. While an organization needs antivirus software, firewall systems, and data loss protection tactics, it is critical they continue to educate employees on best practices and what to look for. The Risk   Failure to create an awareness program and bring employees on board with your cybersecurity initiative means that your organization will always be vulnerable to an attack. Malicious actors understand the weak point in any system may be the human firewall. By exploiting this, a hacker can gain access to even the most secure systems. According to one CNBC article, employee negligence is the biggest cybersecurity risk companies must confront. In a report cited by the article, 47% of business leaders blamed human error for a data breach at their organization. Here are some of the many ways that failure to create awareness can put an organization at risk. 1. Failure of an Employee to Lock a Workstation   Roughly 25% of employees admit to leaving their computers unlocked. The more sensitive the information is that they handle, the more dangerous this can be. By leaving work stations unlocked when they are away from the desk, any passerby could access files on the computer. What is worse is that this would show up under the employee’s name and they might be held responsible for fraudulent activities until an investigation proves otherwise. At the very least, the workstation should be configured at the network to auto-lock after a specified time of inactivity. This will greatly reduce the chances of someone else gaining access to the workstation. 2. Password Vulnerabilities   One of the common recommendations in the cybersecurity community is that employees should regularly change passwords. However, one Federal Trade Commission article cautions businesses about forcing employees to change passwords too often, especially when they manage multiple log-ins. Employees may work around this by creating simple passwords with easy modifications to keep up. Even worse, they may write them down. These actions create password vulnerabilities that make the accounts easier to hack. Password requirements should be complex in their nature but something easy for the employee to remember that is not easily guessable such as an acronym based on a favorite song. 3. Disabling Multi-Factor Authentication   There are many different types of multifactor authentication. When it comes to MFA, or specifically 2FA, adding a phone number provides a second means of verifying every log-in attempt. Yet, many employees may choose to turn these off, especially on smart devices when they work away from the office. This creates potential access to company data. According to Google, even just adding a recovery number provides the following benefits: • Prevents up to 100% of automated bots • Stops 66% of targeted attacks • Blocks 99% of phishing attacks that occur in bulk The Proposed Solutions Some employees will continue to exercise poor security judgment for the entire duration of their tenure unless educated on best practices and the organization’s cybersecurity policy. To do this, companies must do more than send out bulletins with safe practices or publish info in an employee handbook that few workers read. Here are a few recommendations to follow instead. 1. Regular Training   Employees should receive routine training on best practices. If the training is never updated, then they may skip through the slides or yawn through the meetings just to get it over and done with. Update these practices based on changes in the news or recommendations from professionals. If possible, let cybersecurity professionals teach the course. Keep the employees engaged and request feedback. Allow them to be part of the solution and you will see continued interest and improvement in cybersecurity best practices. 2. Lead by Example   When managers set an example, employees feel more inclined to follow. The manager who leaves their computer unlocked while at lunch or leaves critical paperwork/passwords/etc. lying around carelessly is unlikely to inspire employees to act differently. However, by being an exemplary model of a worker that prioritizes data protection, you will inspire more employees to follow your lead. 3. Hold Each Other Accountable   For this to work, employees and leaders must hold each other accountable. Harvard Business Review notes that the highest performing teams operate under a principle of universal accountability. Put simply, any member of a team should be able to respectfully confront the other about a lapse, irrespective of power differences. The Bottom Line   In a digitally transformed workplace, cyber security awareness can help companies effectively close off security breach points. However, for this to work effectively, everyone in the organization must be on board. A company’s data breach defenses are only as strong as the weakest access point. Hackers believe this to be the human factor and are now setting up their attack vectors accordingly. At Etech, we regularly train our employees to keep them updated on new developments in contact center cyber security. We also invest in information technology resources to keep our clients’ and their customers’ data safe. For more information about the role, cyberattack prevention plays in our business model, contact us today.

6 Tips to Spot Phishing Attack Emails

Phishing attacks could be compared to actual fishing. The scammer creates an email that includes an enticement, essentially baiting the hook. Their next step is to send the email out to thousands of individuals, casting the line. Finally, they wait for an unsuspecting person to take the bait and reel them in, attempting to collect some form of protected information or possibly even payment. This modus operandi or method has been around for a long time as it continues to prove highly successful for the malicious actor. Prior to computers, phishing scams were accomplished through phone calls, direct mail, or even face-to-face contact. However, over the last couple of decades, digital scams have allowed for the casting of a much wider net as well as improved anonymity, which means the criminals are harder to catch. Therefore, it falls on the end user to be vigilant regarding their online activity and email usage. Many internet users in both business and home settings overestimate the ability of their cybersecurity to circumvent the threat of malicious actors. While it is true that internet security can minimize the risk of phishing attacks, it cannot account for human error, which is precisely what scammers will try and exploit. To limit your exposure to these scams, you should follow six simple tips to spot and avoid attacks. Always Be Cautious of Embedded Links While there are many signs of potential email scams, message links may be one of the most prominent. Many fraudulent emails will have numerous links within the body of the message, attempting to entice readers to click at least one. This will usually redirect the system to malicious site/content or simply download malware to exploit the computer system and set it up for the potential attack. Mismatched URLs Phishing emails will often have mismatched URLs, meaning that the web address that is spelled out in the text does not match the URL that appears when you hover your cursor over it. If you notice that the target address is different from the stated address do not trust the message. Redirects There may be times where the URLs in the email match the stated links, but when you click on the link, you are redirected through other addresses and sites. If you are redirected to a strange website, then there is a good chance that the email was a scam, and you should scan your system for potential viruses immediately. Be Wary of “Suspicious Activity” Emails A common tactic of phishing is to claim that there has been a suspicious activity or unauthorized changes to one of your accounts. Clicking on the provided link may even direct you to a site that looks completely legitimate. This is a major tactic for the malicious actor to trick you into entering your credentials. They can then seize control of your account and gain access to whatever information and/or funds are available. They may use the same credentials to gain access to other accounts and systems you have access to. Don’t be tempted to click on links, read or open attachments from these emails, instead of flag questionable emails and let your cybersecurity team worry about the details. Never click on an embedded link to enter your credentials. Exit the email and go to the site through the proper URL. Be Leary of “Urgency to Act” Claims Also, while winning a million dollars or inheriting some foreign prince’s estate would be a dream come true for many people, the odds are not in your favor. You have a better chance of being hit by lighting each day for the next two weeks. Many scams try to entice recipients with promises of lavish prizes and trips. However, they often have a ridiculous time constraint to try and force you into irrational decisions. Don’t think this scam still work? Recently, there have been reports of individuals approaching people in the parking lot of a bank they are entering convincing them to take out large sums of cash promising exponential returns on the funds. Of course, the malicious actors disappear with the cash never to be seen or heard from by that person again. If someone falls for the scam under these circumstances, think about how easy it would be to cast a wide net over the internet to get a nibble. Don’t Fret Over “Severe Consequences” Similar to the suspicious activity phishing attack, many scammers will take an even blunter approach by demanding action through the threat of lawsuits or arrests. The IRS has recently warned of phishing attempts that threatened huge fines. These scams are coercive and despicable. Take solace in knowing that there is no truth to them. The IRS does not communicate this type of information through email or phone calls. If you are being audited or owe money, the IRS will send you a letter via the U.S. Blogal Service. These attacks seek to prey on an individual’s fear of jail time or huge fines. Do not give them the satisfaction of falling for these types of attacks. Watch for Grammatical Errors Another common factor of fraudulent emails is grammatical errors. These aren’t typical typos and are usually overwhelmingly apparent because they are syntax errors, meaning that words are arranged in strange ways. Many scammers are not native English speakers and may struggle with recognizing syntax mistakes. Most reputable companies will have proofreading teams capable of editing spelling and grammar errors. Therefore, emails plagued with bad grammar should likewise be avoided. Don’t Underestimate Minimalism Phishing does not have to consist of a complex, persuasive strategy. Some offenders try to scam unsuspecting individuals by posing as friends or colleagues, sending an innocuous email with a blank body and single attachment. These types of emails should be immediately discarded unless you are acutely aware of the sender and their intentions. Email addresses can be spoofed and appear to come from a friend or coworker when they are actually

Scroll to Top

Contact Us

Thank you for sharing your details. Your Brochure is ready to Download.

*Please check your Download folder for the downloaded file

Download E-Book

Download E-Book

Download E-Book

Free Download Presentation

Free Download Presentation

Free Download Presentation

Free Download Presentation

Free Download Presentation

Free Download Presentation

Free Download Presentation

Free Download Presentation

Free Download Presentation

Download Presentation

Free Download Presentation

Free Download Presentation

Download Brochure

Download Brochure

Download Brochure

Download Brochure

Download Brochure

Download Brochure

Download Case Study

Download Case Study

Download Case Study

Read our Privacy Policy for details on how your information may be used.

Download Case Study

Download Case Study

Free Download Presentation

Download Brochure

Thank you for sharing your details. Click below link to watch.

Thank you for sharing your details. Your Ebook is ready for Download.

Thank you for sharing your details. Your Ebook is ready for Download.

Thank you for sharing your details. Your Ebook is ready for Download.

Thank you for sharing your details. Your Presentation is ready for Download.

Thank you for sharing your details. Your Presentation is ready for Download.

Thank you for sharing your details. Your Presentation is ready for Download.

Thank you for sharing your details. Your Presentation is ready for Download.

Thank you for sharing your details. Your Presentation is ready for Download.

Thank you for sharing your details. Your Presentation is ready for Download.

Thank you for sharing your details. Your Presentation is ready for Download.

Thank you for sharing your details. Your Presentation is ready for Download.

Thank you for sharing your details. Your Presentation is ready for Download.

Thank you for sharing your details. Your Presentation is ready to Download.

*Please check your Download folder for the downloaded file

Thank you for sharing your details. Your Presentation is ready for Download.

Thank you for sharing your details. Your Presentation is ready for Download.

Thank you for sharing your details. Your Brochure is ready for Download.

Thank you for sharing your details. Your Brochure is ready for Download.

Thank you for sharing your details. Your Brochure is ready for Download.

Thank you for sharing your details. Your Brochure is ready for Download.

Thank you for sharing your details. Your Brochure is ready for Downloads.

Thank you for sharing your details. Your brochure is ready for Download.

Thank you for sharing your details. Your Case study is ready for Download.

Thank you for sharing your details. Your Case study is ready for Download.

Thank you for sharing your details. Your Case study is ready for Download.

Thank you for sharing your details. Your Case study is ready to Download.

*Please check your Download folder for the downloaded file

Thank you for sharing your details. Your Case study is ready to Download.