As technology becomes more integral to daily life, cybercriminals are continually devising new ways to profit by compromising organizations.
Targets for hackers range from individuals to small companies and nonprofits, all the way up to multi-national corporations.
Fortunately, there are ways to protect you, your company, and your family from some of the most common tactics hackers employ.
Growing Threats
The year 2021 saw a 50% increase in cyberattacks compared to 2020, and 2022 is on track to become the worst year yet.
Phishing and smishing (the text equivalent of phishing) were the most prominent forms of hacking in 2021, accounting for a staggering 80% of breaches.
Both methods require very little work from hackers. All a bad actor needs to do is send an email/text to someone with a link to a fake site or malware and wait for someone to click. One common scam hackers employ is sending a fake Digital Millennium Copyright Act Takedown Notice. These scams accuse a company of violating copyright law, using a fake DMCA claim to scare a company into clicking a dangerous link.
A single employee clicking on an infected link can cripple an entire organization – introducing malware and ransomware into systems or stealing admin passwords and privileges. In 2021, the U.S. Treasury Department’s Financial Crimes Enforcement Network reported that nationwide cyberattacks totaled over $100 million a month.
Phishing will only become more prevalent, but you can protect yourself and your organization by following simple cybersecurity practices.
How to Spot Phishing
Individuals can watch out for a few tell-tale signs that highlight phishing and smishing.
- Inconsistent grammar and wording: Emails/texts with poor grammar might be phishing attempts. This can take the form of typos, poor grammar, or odd word choices. (E.g., your boss starting an email with “Dear friend” or “Dear valued employee”)
- Aggressive or urgent requests: Messages that demand immediate action or threaten penalties usually signal a phishing attempt. These threats are scare tactics that you should avoid and report.
- Suspicious sources: Do not open texts from unknown numbers, even with your area code. Do not open emails that are coming from strange email addresses like “johnsmith445@bank.com.”
[pdf-embedder url=”https://borlandbenefield.com/wp-content/uploads/2022/06/Phishing.pdf”]
Smishing Tactics
Hackers find text messages to be an effective way to deceive people into clicking on links. Common tactics include:
- Sending fake package delivery notifications
- Asking you to verify purchases
- Warning you of suspicious activity on one of your accounts
- Claiming issues with your payment information
- Offering prizes or gift cards
Building Defenses
Creating simple guidelines for everyone in your organization to follow will drastically reduce the chances of hackers finding an exploitable weakness.
- Create an internal cybersecurity committee: Designate a recurring time to meet and discuss safe cyber-practices with your organization’s leadership. Be sure to document everything you discuss and what actions will be taken to mitigate cyber-risks.
- Back-up data: Perform backups of systems and data regularly.
- Keep software up-to-date: If a cybersecurity incident occurs, having the latest software patches can help mitigate damage or stop it altogether.
- Vet Business Associates: Hackers can enter your systems through a BA in surprising ways. Read how hackers breached a casino’s network through a fish tank. Don’t let a lazy BA’s mistake lead to disaster; require your BA’s to prove that they follow safe cybersecurity practices before conducting business.
- Train your staff: Employees are the easiest target for hackers to exploit. Creating a security-minded culture inside an organization is one of the best ways to stop hackers before they ever breach a network. Train your staff in proper cybersecurity habits. Create a dedicated space for questions and concerns involving cybersecurity. Make sure new employees are on-boarded with cyber-security training.
Be Cautious, Be Safe
Cybercrime is forcing organizations to prioritize cybersecurity. Insurance is covering less and harsher penalties are becoming more common for organizations that don’t take the proper precautions.
Protect your business by staying educated and up-to-date on the latest methods to avoid hackers.