It might not be comfortable to know, but the biggest threat to your data security is already in your business. If you have ever wondered how hackers gain access to systems, it doesn’t always involve hi-tech gadgets or knowledge. More than 90% of these types of attacks begin with emails that are not what they seem, which then rely on human responses to trick their way through your defences.
There are many tech-based ways to crack passwords and break log-in security, including processes such as brute-force attacks. But most hackers use more traditional ways to gain illicit access to other people’s computers and data. Their methods are more in line with an old-school conman than something from a ‘Mission Impossible’ film.
So-called ‘social engineering’ has long been a hacker’s most powerful tool. This refers to any way that someone can be persuaded to give out information, such as passwords or log-ins, without knowing they have committed a security error.
The email trick known as ‘phishing’ is probably the most common form of social engineering used today. It tries to trick someone into giving information without realising it is falling into the wrong hands. Phishing is one of the top attack methods favoured by cybercriminals, and the emails can be more sophisticated than many people might realise.
These emails often use high-quality HTML templates, mocked up to look like official communications from trusted partners, banks, or similar, and sometimes use sophisticated spoofing techniques to obscure their origins. Deception by email is one of the easiest traps for anyone in your business to fall prey to.
Sometimes, emails do not try to get data but actively attempt to place malicious software (malware) into your systems. One of the biggest recent threats came from so-called ‘ransomware’, where data is locked or threatened with corruption unless a payment, usually in Bitcoin, is made. One of the most high-profile attacks of this type hit the headlines when the NHS was targeted, together with other big institutions.
Even here, someone usually has to ‘click’ on a link or attachment to activate it, although some applications and programs can allow self-activating malware to bypass firewalls and other defences.
The only way to ensure you are doing all you can to minimise these threats and mitigate the results of a successful attack is to build a security culture into your business practices. It can be as simple as ensuring that you and your employees are up to date with the latest threats and competent in the basics of avoiding them.
There are more far-reaching ways to protect your business and its data and ensure that your productivity isn’t affected by malicious hacking activity. See GCC’s tips on Cyber awareness: https://www.gcc.co.uk/support/service-desk/cyber-security-awareness/