Phishing…Pharming…Viruses and Worms…OH GOSH!
These cyber security terms might not mean much to you now but, if your business is faced with potential threats, you will no doubt want to know what’s what and, more importantly the most effective ways of protecting your business and its data.
Firstly, creating a better level of general internal awareness amongst your employees to prevent malicious emails infiltrating and affecting your IT systems is a good start. Encouraging each employee to keep vigilant to the different types of spam emails which are doing the rounds, will help protect your business not only from the most recent ransomware attacks, but also from spoofing and phishing emails that can cost your business thousands of euros.
Here are some tips and pointers to guard against the most common forms of email threats:
A classic example of a “spoofing” email seemingly comes from a work colleague. It will try to trick you into believing the email is genuine. And these criminals are really, really, good at it! However, there are tell-tale signs that can let you know it’s not a genuine email.
- If the email appears as if it is from your colleague, check to see if it contains your company’s email signature. If not, this should be flagged as suspicious.
- Does the subject line or email link contain your full name in the greeting? If it does, it should be flagged as suspicious.
- Look at the sign off from the sender- if the email was genuine from a colleague then it is likely they would sign off in a less formal manner using their first name only. Flag it as suspicious.
These are usually from a trusted source such as your bank or some government body, seemingly flagging that your urgent attention is needed such as for a payment which has not been received or to inform you that your account has been suspended. The sender will want you to click a link, provide your username and password or act on other instructions provided within the email.
However, again there are tell-tale signs that this could be fraudulent:
- The email has been sent without any personalised information, poor spelling or grammar. Whenever a large company sends out an email the message is usually reviewed for spelling, grammar and legality amongst other things. So, if a message is filled with poor grammar, or spelling mistakes, it most likely did not come from a major company. Do not open it!
- The email includes suspicious attachments – it would be highly unusual for a legitimate company to send you an email with an attachment, unless it’s a document you have a specially requested. Do not open it!
- Something just doesn’t look right – if something looks odd, there is probably a good reason why. Use your judgement, if a message seems suspicious, it’s usually in your best interest to avoid acting on it. Is the email telling you that you have won a competition you have never entered? Is the email asking you to make a donation? Is the email asking you for personal information? Be sceptical when it comes to your email and the different threats which may lye within. If it looks even remotely suspicious do no open it!
Additional security features are a must! – It always helps to have an additional layer of protection in place.
In addition to learning how to spot a malicious email there are other things you can do to better protect your company. We recommend Microsoft Exchange Online Advanced Threat Protection (ATP) which helps protect your email against unknown malware and viruses. In the event that you accidentally clicked on an email you thought was legitimate, ATP is there to detect and stop the malware from launching and executing. It can be purchased and added to your existing Office 365 subscriptions, or it can be rolled out on premises along with email filtering software.
Call us today to roll out ATP for your email. Tel 01 8734120 / 051 595200
If you are concerned with any additional security threats or issues in your organisation please enquire about our TechSecure Audit. We can cost-effectively improve your company’s security.
More information on our TechSecure Audit is available here: http://www.hcs.ie/hcs-techsecure