Phishing attacks are on the rise
While many Forth Worth businesses struggle to weather everything that 2020 has brought, hackers have been busy taking advantage of the uncertainty and fears of things like COVID-19 and the political climate with phishing scams that exploit the disruption in our normal routines.
Phishing Attacks Up 667% in 2020
A dramatic increase in the scale of attacks is one example of how hackers are exploiting the coronavirus crisis. During March, COVID-19-related spear-phishing email attacks were up 667% as compared with a month earlier. We know from news reports and our experience as a managed security services provider that many of these attacks were surprisingly successful.
The attacks have also become more sophisticated. More than 1 in 3 phishing emails are brand impersonations. So, at the same moment many businesses are reaching out to their customers to provide essential information about services and resources during the coronavirus crisis, customers are getting messages that have the look, feel and persona of reputable brands. And they’re falling for it.
Many of these phishing attacks silently collect user names and passwords that are then sold on the Dark Web. Small and medium businesses have no idea of their immediate risks and vulnerabilities, thinking they are too small to worry about when, in fact, they are a prime target. Hackers expect you not to know about simple, affordable ways to keep them from stealing your passwords and money.
4 Affordable Measures You Can Take to Protect Your Business
There’s simply no substitute for quality IT security and expert support, so beware of those who would try to lull you into false complacency with so-called cheap and easy solutions. However, there are some simple, basic and low-cost measures you can – and should – take to reduce your risk of a catastrophic breach.
1. Teach staff not to open the door
Even the best IT security tools, antivirus and firewalls are useless if one of your employees clicks on a phishing email. And we know this happens all the time, because we do phishing tests and see it every single day. It’s been exacerbated by the changes in office routines, like working from home during COVID-19 and then returning to work. Employees are simply distracted and not paying attention to what they are clicking.
2. Stop ignoring update notifications
Those popup notifications about updating patches for your apps are more than a little annoyance. Ignoring or postponing them is a significant risk to your business. That’s because software developers are constantly identifying and plugging new vulnerabilities they discover in the software. Not patching these leaves those vulnerabilities open.
Often, by the time these patches are available, those holes are already being exploited by hackers.
3. Lock the doorknob AND deadbolt the door
Complex passwords are important, but passwords are simply insufficient protection on their own. With most employees using common phrases and guessable word constructions like Motorcycle101 or Fisherman1, passwords are easy to hack and sell on the Dark Web.
Multifactor authentication is a low-cost add-on that makes even passwords like Password123 relatively safe to use. You can even share your password on the Dark Web (we don’t recommend that you do), but with multifactor authentication, nobody is getting in except the authorized user. MFA is one affordable way to add enormous protection to your business.
4. An ounce of prevention is worth a pound of cure
Many businesses have already been breached and their employees’ login credentials are available for sale on the Dark Web. This means the business is living on borrowed time.
Knowledge is power, which is why we recommend engaging an IT service provider who specializes in security to deploy routine prevention measures, ongoing maintenance and regular Dark Web monitoring on your behalf. These are all important, inexpensive and often overlooked security measures that can identify where you’re vulnerable, remediate the problem and prevent disaster.
Get Expert IT Security Support to Keep You Safe
Implementing the 4 affordable steps we outlined above is the most important part of keeping your business safe as many businesses look to cut costs. If you have more in-depth security or compliance requirements, you need to work with a partner who can keep you safe while working within your budget.
VersaTrust is staffed with a Certified Information Systems Security Professional (CISSP), and we embody the IT security industry’s gold standard in security strategy, prevention, detection and response.
We provide comprehensive security solutions tailored to your business’ needs and budget, and we deploy tools, training and expertise to safeguard your infrastructure and assets.
You can’t ignore basic security needs during these times. We can help you figure out where your priorities should be. Contact us at (817) 595-0111.