The East Midlands Cyber Resilience Centre (EMCRC) have produced a back-to-basics guide for SMEs that looks at the most typical types of cyber-crime that you should be aware of.
Today’s workplaces rely almost entirely on technology to function at the level to which we have all become accustomed. As a result, cyber-crime has skyrocketed.
Cyber security means protection in the online space. Therefore, it can refer not just to your place of work, but also to the security settings you use in your personal online world, be that social media, online gaming or the software you use on your home’s devices. Who has a fridge that’s connected to the internet? That falls under what’s called the Internet of Things (IoT), and it could be targeted.
Because technology now rules the world, cyber security should be your top priority. Given that the majority of people have access to internet-connected devices, everyone should have a basic understanding of cyber security and their responsibility to protect those internet-connected devices from cyber-crime.
Look at it this way: would you leave your front door open when you’re elsewhere or doing something else? Unlikely. So why then would you metaphorically leave the door wide open to your online environment?
Let’s look at some of the main types of attacks and risks…
Phishing
Phishing is the most prevalent of threats right now, and targets individuals both at home and at work.
Phishing attacks also employ deception. A cyber-criminal will adopt the identity of another individual, typically one who is in a position of authority from a reputable source, such as a bank or a service.
With fake or fraudulent emails, they use deceit to retrieve private information. The malicious links that serve as the catalyst for the cyber-criminal’s attack are contained within these emails, and they will often use urgency to force the user to make a decision on the spur of the moment rather than carefully weighing up all of their options.
By clicking on the malicious link, the consumer will unintentionally provide access – or potentially even control – to the hackers.
For the complete low-down on phishing, visit our blog entitled: ‘Let’s remind ourselves about phishing…’.
Ransomware
A ransomware attack locks and encrypts files. The cyber-criminals will then demand a ransom in return for the assurance that they will grant access again, following which they will undoubtedly vanish.
Cyber-criminals use urgency to force you to pay the ransom; they give you payment deadlines and threaten to delete the files if you don’t send the money in the allotted time.
Unsurprisingly, this leads to business owners paying the ransom quite frequently. Some people think it’s easier to simply pay a ransom, but you can’t trust a criminal to give you access to your files even when funds are transferred.
Paying a ransom shows cyber thieves that you have the funds available and are prepared to part with them, so they could up the stakes and strike again.
Malware
Malware is made with the intention of causing harm, mayhem, and ultimately data theft. When the purpose is to make money, either by directly spreading the malware or by selling the software to other cybercriminals on the Dark Web, malware assaults are typically carried out by a group of cybercriminals rather than a single person, in contrast to other cyberattacks.
In short, malware (or malicious software) is a software designed to gain access to a computer system without permission. Once malware is on a computer, it can damage files or disrupt personal cyber security. A computer virus is a type of malware.
Someone might use malware to steal personal information, financial details or anything else that could benefit them but harm your family.
To mitigate the risk of malware, install software on your computer to fight it.
Cryptojacking
This is closely related to cryptocurrency and results from clicking on suspicious links or online ads. When this happens, malware gains unauthorised access to your device and uses it to mine cryptocurrency.
Mining cryptocurrency uses a lot of energy and power, so you will notice your device slowing down.
Make sure all installed software is the latest version, don’t ignore updates. Very often updates are seen as a nuisance, but they are important. Also, install ad blockers where possible and consider the dangers of clicking on mysterious links or ads.
Man-in-the-middle (MITM)
During the Covid-19 pandemic, MITM attacks became more frequent because of the use of virtual meeting software. When two parties communicate (i.e, the client and the host), an attacker might take over the session to steal information.
While many virtual meeting platforms increased security to stop these cyber attacks, using vulnerable WiFi connections leaves users open to harm.
To mitigate the threat of MITM attacks, avoid connecting to public WiFi where possible or check that it is reliable and safe.
Password breaches
Whether it’s your Facebook, Amazon, Netflix or business accounts, the explosion in popularity of online apps and services means more and more of us have to remember an increasingly long list of passwords.
Unfortunately, some of us cope with this challenge by resorting to practices that leave our data, devices and money at risk – by using the same password across multiple accounts, or by creating simple passwords that could easily be guessed by hackers.
Bad password practice is more prevalent than you might think – the UK’s National Cyber Security Centre carried out analysis of passwords leaked in data breaches and found that more than 23 million users worldwide used 123456 as a password!
We have blogged about passwords at length. Read some top tips that will make your life easier and your online accounts more secure.
If you’re concerned about cyber-crime – individually or in a business capacity – get in touch with us and we can discuss the options available to you.
We also offer free Community Membership, which offers advice and guidance, and puts us in your mind should you need us.
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
