Cyber criminals work hard to remain at the top of their game. Businesses must work harder to avoid becoming their targets.
Importantly, small and medium enterprises (SMEs) must not think they aren’t vulnerable to cyberattacks: security giant Kaspersky Cyber says attacks on small businesses in Africa had a massive impact in 2021.
More than 60% said they could not recover financially from a severe cyber or ransomware attack.
Bring Your Own Device (BYOD)
Now, with remote work and working from home a huge part of the hybrid working landscape, cyber criminals are ramping up their efforts to penetrate whatever security companies and individuals have on their devices.
Where employees are using their own devices for work, companies are urged to secure them as they would in-house computers.
BYOD coupled with too little security training is a recipe for cyber disaster. Add to that the constant messaging about Covid-19 over the past two years and you have a doorway into company data through phishing, spyware and unintended data leaks by untrained staff members.
Knowing some of the ways cyber criminals will get to your data is vital to your ongoing efforts to protect it. Here’s what you should be training your staff to look out for.
Malware
What is malware?
Malware – or “malicious software” – is invasive software designed to damage and destroy computers and computer systems. Trojans, viruses, bots, ransomware, adware, spyware, phishing and more all fall under “malicious” software.
How it arrives in your device
This malicious software is often attached to emails and/or instant messaging attachments disguised as legitimate files. Once malware is installed, cyber criminals can gain access to your entire device – desktop, laptop, tablet or phone – including your email and apps.
Spyware
What is spyware?
Spyware is software that installs itself on your computer and secretly monitors your online usage without your knowledge. It secretly gathers information about you and/or your organisation and stores or relays it to other parties.
How it arrives in your device
Cyber criminals can install spyware if they have physical or Internet access to your computer. They may hack into your computer from a remote location via the Internet, or send spyware to you as an attached file that automatically installs itself when you open the email.
Phishing
What is phishing?
Like the name suggests, phishing hooks you in by pretending to be a trusted entity – such as your bank, clients or email associates – and cons you into opening an email, instant message, or text message. Then it steals user data, including logins and credit card or bank numbers.
How it arrives in your device
Many fall for phishing because it appears genuine, and looks like it comes from your bank, colleague etc. It may be followed by a phone call, and will ask you to click on a link. The link is marginally different to a business’s link, but it’s easy to fall for. For example, it may read: Admin@yourbanksnameher.e.co.za – note the “.e.”.
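An IT team can automate the "marginally different" check described above. The Python below is an added example, not part of the original article: it compares a sender's domain with an allow-list and flags near-matches. The genuine domain "yourbanksnamehere.co.za", the function names and the distance threshold are assumptions made for illustration.

```python
# Constructed allow-list: the article never gives the bank's real domain, so
# "yourbanksnamehere.co.za" is an assumed placeholder for the genuine one.
TRUSTED_DOMAINS = {"yourbanksnamehere.co.za"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a character
                           cur[j - 1] + 1,             # add a character
                           prev[j - 1] + (ca != cb)))  # swap a character
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Domain part of an address such as 'Name <user@host>' or 'user@host'."""
    return address.rsplit("@", 1)[-1].strip().strip("<>").lower().rstrip(".")


def squash(domain):
    """Remove the separators that lookalikes add, move or swap."""
    return domain.replace(".", "").replace("-", "")


def classify_sender(address, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, trusted domain it matches or imitates, or None)."""
    domain = sender_domain(address)
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return "trusted", good
    for good in sorted(trusted):
        if (squash(domain) == squash(good)
                or edit_distance(domain, good) <= max_distance):
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    for addr in ("Admin@yourbanksnameher.e.co.za",   # the article's example
                 "admin@yourbanksnamehere.co.za",
                 "news@example.org"):
        print(addr, "->", classify_sender(addr))
```

A "lookalike" verdict is a reason to quarantine or report the message; an "unknown" verdict only means the domain resembles nothing on the allow-list, not that the sender is safe.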
Data breaches and leaks
Data breaches are usually caused by organisations accidentally exposing sensitive data through security vulnerabilities. Data leakage refers to the unauthorised passing of data or information from inside an organisation to someone outside its secured network.
How to tell if your system is compromised by any of the above
There are several different events that may happen, depending on what has infected your system or device. Generally, watch for these:
- Slow computer; taking a long time to start up or open programs
- Problems shutting down or restarting
- Missing files
- Frequent system crashes and/or error messages
- Unexpected pop-up windows
How to remove malware
Removal requires uninstalling all suspicious apps and installing the security software your company uses. Unless you are a security professional, you’d be best placed to get your IT department or contractor to do this for you.
If you have an IT department in your company, they should be testing for viruses and malicious software regularly. They should also be doing backups of all company work often and – most importantly – they should be training non-tech staff to recognise potential problems early and report them.
For smaller firms with no IT department, a monthly retainer with a security contractor could save you (and your clients) the big bucks.
Employees, for a quick look at your email health, check “have i been pwned?” at