Ransomware has been a massive problem for businesses of every size, across every industry for the past several years. 2016 saw a record number of infections cause irreparable damage to thousands of businesses, and seriously inconvenience countless others. With 2017 set to see an even higher infection rate, companies need to make sure that they have the latest security measures in place to defend their networks and valuable data against this threat.
However, something that some businesses still fail to understand is that security measures alone aren’t enough. Part of the reason ransomware is so prevalent and so compelling is that there is a component of human error involved that makes it an extremely successful tool for cybercriminals. Hackers have learned that if they can’t get to your data directly through your network, they can get to it through your employees.
Phishing scams and social engineering have long been preferred means of gaining that access, and businesses that put an emphasis on training their staff to spot and avoid these attempts are miles ahead of their unprepared counterparts where cyber security is concerned. Emails pretending to be internal correspondence, correspondence from associates, or notices from financial institutions or government agencies are common and easily recognized by those of us who know what to look for.
But there is a new tactic emerging that businesses need to be wary of: phishing scams disguised as service or product inquiries. A few red flags you should be on the lookout for when opening or responding to emails requesting information about your company, services, or products include:
Something else that makes these types of phishing attempts such a challenge is that they might not be trying to introduce the ransomware virus directly onto your system or network. Instead, embedded links or attachments might contain some type of code meant to give the hacker a foothold inside your network, or use an application already installed on your system as a launching pad of sorts – a method of running the malicious code without your knowledge and downloading the actual virus from the hacker’s online server.
Just deleting suspicious emails isn’t always an option. When you’re dealing with potential new business, you don’t want to throw away a prospective client over poor grammar, or a lack of computer skills that could result in wonky attachments. Some of these red flags could be honest mistakes, but could just as easily be signs of something more sinister. There are many resources available online that can help you to screen suspicious emails without opening potentially harmful attachments. Get in touch with your IT support provider to learn more about these tools, and discuss the options available to not only step up your network security but educate your staff on the dangers of cyber threats.
Want to learn more about the steps you can take to protect your business from threats like ransomware? Contact us at firstname.lastname@example.org or (415) 543 1033. We’re the IT professionals businesses in San Francisco trust.