Make Your NC Business a No Phishing Zone
July 11, 2012
Anyone been to the beach yet this summer? Those of us stuck in the middle of the state generally like heading east this time of year (witness the congestion at the Wilmington exit on Friday afternoon). There’s plenty to do on the North Carolina (NC) coast: swimming, boating, fishing (just remember, that last one requires a license).
Unfortunately, cyber criminals don’t respect the season, location, or the law when selecting their targets. Businesses that employed between 11 and 100 employees topped the list of data breaches in Verizon’s annual Data Breach Investigations Report, and the FBI ranked NC as 12th in the nation for complaints filed in its latest Internet Crime Report. That means your local small business lies right in the crosshairs.
Phishing and social engineering are the most common tactics employed to crack small business networks. These traps persuade victims to hand over their credentials, allowing attackers to virtually walk in the front door and take what they want.
So what can you do to keep these goons out?
If you’re surfing the web without antivirus, you’re coasting some potentially dangerous waves without a lifeguard. That’s not smart beach behavior, and it’s not good business online either. But a lifeguard who’s asleep on the job or doesn’t know how to swim isn’t much use in a real crisis. What’s even worse? One who gets paid every time a person drowns.
Unfortunately there are a lot of those so-called lifeguards fighting to “protect” your computer. Some are simply bloatware: they don’t really protect your assets, just pull on your system resources. Others are more malicious. Known as “scareware,” these programs often warn you of infections on your computer and practically beg to hunt them down. Sometimes they skip the begging part and just download automatically. These programs can then rifle through your files and start sending goodies back to the mother ship. Ransomware has also popped up that holds computers hostage until a certain fee is paid.
Our advice? Don’t depend on just any app promising to protect your computer to safeguard your business network. Do your research on the best companies out there and select a program that actually works. Consider partnering with an IT firm that specializes in antivirus and network security to ensure you get evidence-based recommendations.
Already have antivirus? Good, but don’t think you’re off the hook just yet. After all, a lifeguard can’t protect you from UV rays if you didn’t put on sunscreen, or keep you from getting stung when you get too close to that jellyfish. There are lots of threats in the murky waters of the Internet, and a bit of preventive preparation can help you avoid the most common pitfalls. Here are some ways to avoid ending up on a phisher’s hook:
- Use spam filtering on your email, and don’t open mystery attachments. These files can burrow themselves into an unsuspecting operating system when clicked, and they’re difficult to cut out. When in doubt, don’t download.
- Avoid clicking on enticing links with titles like “You won’t believe this!” even when they appear to come from people you know, whether by email or social media. Botnets thrive on the familiarity of infected users to absorb more victims into the fold.
- Be careful when getting messages that request you fill in your login information. Spear phishers specialize in crafting messages that look like the genuine article, trawling the web for information on their targets to add that extra bit of believability. If you get an unexpected message from your bank or company IT team, call them first to make sure it’s real.
The water can be a dangerous place even for experienced swimmers, and the Internet’s no different. Despite good antivirus protection and security practices, businesses can still fall prey to phishing scams, and the results can be costly.
Here’s the situation, as explained in this Charlotte Observer article:
... small businesses are especially easy prey because many lack firewalls and monitoring systems. Gartner, an information technology research company, says regulators have not compiled statistics on the extent of the fraud, but the company estimates that more than 10 percent of small businesses have had funds stolen from their bank accounts – losses totaling more than $2 billion.
“People think, ‘It’ll never happen to me,’ but these are incredibly sophisticated criminals, and we’re not IT experts,” Talbot [chief financial officer of a targeted business] said. “When you work for a big company, you have a full IT staff and you’re locked down like Fort Knox. When you work for a small to midsize company, you’re not locked down at all.”
With a constantly changing threat landscape, it can be overwhelming for any small business to keep track of everything. That’s why managed services providers like Cii offer ongoing security services. We keep track of the latest threats and put countermeasures in place as soon as they’re detected. Because it’s part of our core business, network and computer security is monitored 24/7 (instead of being put off until everything else is done). Plus, we’re ready and available to step in and fix a problem once it becomes apparent.
Regardless of whether you engage a security provider or not, make sure you have the necessary tools in place to handle whatever gets thrown your way. This summer, make sure the only fishing that happens is at the beach.