In this series of 4 parts, we take a closer look at the various topics related to protecting your IT environment and your valuable business data, and to helping your users recognize and protect against cyber threats. In this first part we discuss the dangers of phishing emails for your organization and what you can do about them.
The possibilities IT offers organizations to run their business processes better, faster and more efficiently are increasing at a rapid pace. More and more can be done with cloud applications. New ones are added daily, and because they are offered via the web browser, they can easily be rolled out and implemented within the company. Working together on files, being able to work anywhere and anytime, also as a team, and often at low cost on a pay-per-use basis: it helps us all.
There are also questions and challenges that come with this. Think of integration and security. How do all these applications and systems integrate with each other? How do I turn data into real information? In addition, and that is of course what this article is about, how do I ensure that my IT systems and my data are properly secured?
While in recent times the focus has mainly been on choosing the right Cloud solutions and implementing them, nowadays it is more essential than before to have a clear focus on the thorough protection and security of your IT environment and data.
Legislation naturally also plays an important role here. The AVG/GDPR legislation requires companies to take sound technical and organizational measures to protect personal data. In addition, as a company you naturally want to be able to work “normally”. Systems must be operational, your data must be available (and must not leak out), hackers, viruses and other misery must stay outside the door, and everything must function smoothly.
What else is lurking? Simply put: malicious people. Those who think they can profit from breaking into your IT environment. How do they do this and why?
Among other things, by enticing people to click on something in an email, for example, so that a piece of malicious software is installed. Or by retrieving the login details of an employee in order to log in to your IT environment. Depending on the rights of the compromised employee, they either send an email on their behalf with a malicious link or directly install malicious software.
So what exactly does this malicious software do? Again, simply put: it usually encrypts the files on the workplace and on all vulnerable systems that the malicious software has access to. And then you can't do much more. Certainly not if the backup systems were also accessible, so that the backup is encrypted as well.
Your data is no longer accessible, your systems are unusable and recovery from the backup has become impossible.
So what? Well, then you have a choice. Either you pay the amount that the hackers ask for, or you don't. But in the latter case you have to reinstall everything and you will lose a lot of your data (or all of it). And that is apart from reputational damage, customers who may look for another supplier, and possible damage claims from angry customers because you cannot deliver your service or product on time.
And in the other case, if you do pay, we will assume for the sake of convenience that the hackers actually give you the key to unlock your files once you have transferred the amount. You guessed it, that doesn't always happen.
But how do they manage it?
Hackers use a number of methods that work well for them. They often first create an opening somewhere through a crack and then use it as a springboard to continue their attack from there. We mention the most common ones, for which we as Aumatics naturally have suitable solutions.
- Phishing emails
- Credential Hack
- Vulnerabilities in IT systems
Phishing (and what to do about it)
Opening a link in a phishing email happens a lot. And those phishing emails are getting "better" all the time. You used to receive phishing emails about a so-called deceased uncle in a faraway country who had suddenly left you an inheritance of € 14.000.000. If you would just click on the link below and leave all your details, that 14 million would be transferred to you immediately. Written in either poor English or even worse Dutch, of course. Yep, right...exactly...
As users, we now recognize these types of emails. And although these automated ones still circulate around the Internet, the current generation of phishing emails is noticeably “better”.
Now it is an e-mail supposedly from Coolblue, announcing that your ordered package is on its way and that your track-and-trace number is in the link below… The chance that someone will believe that and click on it is considerably greater. There is a very good chance that you did indeed order a package from Coolblue last night. Or another family member did.
Or take the following situation. As manager Bob you are busy looking for a new employee for the sales department, and on Monday you receive an email from your colleague Anette with text along the lines of:
I know we are busy looking for a new colleague for the sales department. I spoke to an acquaintance over the weekend who is open to a new challenge in sales. I think this could be a really good asset for us. Coincidentally, Klaas also knows him from marketing and he was also super enthusiastic.
I received his resume today and attached it as an attachment.
I'm curious what you think!
This message lands in Bob's mailbox. It shows his colleague Anette as the sender, and her e-mail address is correct as well. Bet Bob opens the resume…
Bob is in good company, by the way. Whatever the text of the email was, it also started with phishing at the University of Maastricht and at Pathé cinemas. The scam hurt the latter considerably more, at 19 million, than it did the University, which paid "only" € 197.000 in ransom.
3 tips: what you can do about it!
1) A good anti-malware solution that is (and is kept) up-to-date helps a lot.
2) In addition, creating awareness and recognition of these types of messages by means of e-learning, for example, is an extra step.
3) Regularly test the knowledge of your employees in recognizing phishing emails within your organization.
How do we help you?
We implement and manage a solid security solution for you. In addition, we regularly send “fake” phishing emails and check the results. How many employees fell for the phishing email anyway? We tell them how they could have seen that it was a phishing email. Over time, this results in a decrease in that number. Employees are regularly trained by means of e-learning modules, and you can see who has followed the modules. New employees who come on board are trained in the same way, so that the process is safeguarded.
Your workplace must have a high level of security to protect it against phishing, data breaches, ransomware, viruses and other threats. Aumatics monitors and protects your workplace and servers: 24 hours a day, 365 days a year. Do you find that a reassuring thought and would you like to become acquainted with our customer-oriented and result-oriented way of working? Curious about how we can minimize the risk of serious security incidents for your organization?
Then contact us today!