The second half of 2022 has been a turbulent time, with several high-profile companies experiencing significant cyber security attacks. This has resulted in company data, which includes personal data of their customers, being leaked to the dark web.
This has impacted millions of Australians, with identity documents being stolen, bank account threats, etc. These cybersecurity attacks have caused great damage to the companies in question, with fines being issued, huge internal investments required for forensic investigations, clean up, and damage control, in addition to massive reputational damage and loss of business.
It may be surprising, but the primary cause of data breaches is stolen or weak credentials and passwords. Companies invest large sums in hardware and software security solutions, but often overlook the best and first line of defense, their people. Providing staff with knowledge and training can not only protect them from identity theft but can prevent compromises of their company device or corporate data.
So, what should we do? A simple and effective tool readily available to all businesses is investment in a Security Awareness Training platform. These are designed to test and train users to detect malicious emails. These platforms generally offer a variety of different cyber security training programs for staff to complete and send out fake malicious emails to staff to see how they respond, testing their capabilities and keeping them alert. Using the results of this testing can help target users who need more training, assisting them in gaining the knowledge to protect themselves.
Cyber attackers a real ways coming up with new methods to trick us into handing over our credentials or inadvertently giving them access to our machines. Below are some of the latest techniques they’re using, so you can learn how to better detect them and protect yourself from them.
Cyber attackers will create a fake website that looks like the login page of other popular sites, like eBay, Facebook, Xero, etc. The concept to these is simple: make the user believe they’re logging into the real site. Once the user submits their credentials, these sites record the user name and password in a database and now have access to the user’s account at the real site.
Check the address of the webpage and make sure it matches the address for the actual site. In the below example, the address is going to ‘ebay-126.com’, where the normal page would be ‘ebay.com’.
If you don’t think the address looks right, or you’re not sure, browse to the website manually and login through there instead of logging in with the link. That way you’re avoiding the risk of using a fake site.
Microsoft Office applications like Word and Excel have built in protections to prevent Office documents from executing malicious code and scripts on your computer. When these protections kick in, a yellow security dialogue will appear above the document. New attack documents are imitating these security prompts by making the first column of the document look like these security prompts.
These imitation security prompts will generally include instructions for the user to make the document ‘display correctly’, while what those steps will do is allow the document to bypass the built-in protection rules, allowing it to execute malicious code and/or scripts on your computer.
Check to see if the security prompt is above the document, or at the very top of the document. A valid security prompt should always be above the document.
Valid security prompts will never include instructions to copy files into different locations. If you see any security prompts like this, assume the document is malicious, close, and delete the file.
The unfortunate truth is that even with various preventative measures in place, cyber criminals are still profiting from successful attacks. So, it’s important to be proactive in building your cyber defenses, so you can be one step ahead.
Contact our team at Cloudwize today on (02) 5733 4000 to discuss how we can help support your business through our cyber security services.
We know password security can be a bit overwhelming, but it doesn’t have to be!
Read ArticleWe’re all aware of the non-negotiables of personal hygiene, but similarly good password hygiene shouldn’t be an option.
Read ArticleSome 16 years ago I fell victim to a cyber-attack, and it taught me a lot. The good news is there are a lot of ways people and businesses can protect themselves and their data online from opportunistic attacks.
Read ArticleGet in touch with us and we’ll arrange a free initial consultation to talk about how we can help you optimise your company’s IT infrastructure.
Arrange a Consultation Today
