Published December 14, 2022
Cyber Security Awareness Month is this October, highlighting the importance of digital security and empowering everyone to protect their personal data from digital forms of crime.
The month is dedicated to creating resources and communications for organisations to talk to their employees and customers about staying safe online.
The idea originates from the United States, which launched National Cyber Security Awareness Month for the first time back in 2004. It is now 15 years old, and its following and promotion are growing throughout the world.
Computer security, or cyber security, is the protection of computer systems and networks from information disclosure, theft of, or damage to their hardware, software, or electronic data. Cyber security is the means by which individuals and organisations reduce the risk of becoming victims of cyber attack.
Its core function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access – both online and at work – from theft or damage.
Given the rapidly evolving technological landscape, cyber security has become increasingly important as smartphones, computers and the internet are now such a fundamental part of modern life that it’s difficult to imagine how we’d function without them.
More and more information is becoming digital and accessible through wireless and wired digital communication networks and across the omnipresent internet. From online banking and shopping, to email and social media, it’s more important than ever to take steps that can prevent cyber criminals getting hold of our accounts, data, and devices. Companies, both large and small, are targeted every day by attackers to obtain sensitive information or cause disruption of services.
We have highlighted the attacks to watch out for on our website. For businesses especially, the consequences of a serious data breach can be fatal, and the risks presented by cyber-attacks, scams and hacking are growing. Here we’ve elaborated on one common attack – CEO spam.
Also known as Whaling or Spear Phishing, CEO spam is a sophisticated fraud that has cost UK businesses hundreds of thousands, even millions, of pounds. The fraud takes the form of apparently genuine emails from the CEO or other senior executive to an accounts person, asking them to make a payment to a certain account and telling them it is urgent.
There are two common ways in which a CEO spam email is launched. The first is name spoofing, in which the attacker uses the name of your CEO but with a different email address.
Sometimes the email address the attacker uses is very similar to the company’s domain with a few different letters (e.g. reactpc.co.uk instead of reactcp.co.uk). With name spoofing, the attacker is hoping you will not notice the incorrect sender address, and will rush to respond.
Making it worse, many email clients, especially mobile email clients, do not display the sender address by default, which can make it hard to spot this attack.
The second form is name and email spoofing, where the attacker uses both the CEO’s name and their correct email address. In this form of attack, they typically use a reply-to address that is different from the sender address, so that your response to the email will go to them instead of your CEO.
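Both forms leave traces in the message headers that a mail filter or an analyst can check. The following is an added example, not code from the original article; the executive name, the sample messages and the treatment of reactcp.co.uk as the genuine company domain are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: the organisation's genuine domain and the
# display names of executives who are likely to be impersonated.
COMPANY_DOMAIN = "reactcp.co.uk"
EXECUTIVES = {"jane smith"}  # constructed name


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def ceo_fraud_flags(raw_message: str) -> list[str]:
    """Return the warning signs found in one message's headers."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    flags = []
    if name.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        flags.append("executive-name-external-address")
    if from_domain != COMPANY_DOMAIN and edit_distance(from_domain, COMPANY_DOMAIN) <= 2:
        flags.append("lookalike-domain")
    # Domains are compared rather than full addresses to cut false positives.
    if reply_addr and domain_of(reply_addr) != from_domain:
        flags.append("reply-to-differs-from-sender")
    return flags


# Constructed sample messages, one per case described above.
NAME_SPOOF = "From: Jane Smith <jane.smith@reactpc.co.uk>\nSubject: Urgent payment\n\nPlease pay today."
REPLY_SPOOF = ("From: Jane Smith <jane.smith@reactcp.co.uk>\n"
               "Reply-To: jane.smith@mail.example\nSubject: Urgent payment\n\nPlease pay today.")
GENUINE = "From: Jane Smith <jane.smith@reactcp.co.uk>\nSubject: Lunch\n\nSee you at 1."
```

Calling `ceo_fraud_flags` on each sample shows which warning signs fire; a flagged message still needs the independent verification described further down before any payment is made.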
CEO fraud is a particularly dangerous form of attack because the impersonator relies on the authority of the CEO to obtain extremely sensitive information or even acquire cash. Many employees are reluctant to question a request from their CEO and will fall into the trap of responding to the email.
Any payment requests with new or amended bank details received by email, letter or phone should be independently verified. This includes internal emails from senior management that contain payment requests.
Don’t be pressured by urgent requests, even if they appear to originate from someone senior – remember this is a common tactic adopted by fraudsters.
Be cautious of how much information you reveal about your company and key officials via social media platforms and out-of-office automatic replies.
Make all staff aware of this type of fraud, particularly those that make payments.
Ensure warning messages are understood and that appropriate checks, actions and processes are followed to ensure requests are genuine.
Protecting your organisation’s digital assets has never been more important. The consequences of a serious data breach can be fatal for a business, and the risks presented by cyber-attacks, scams and hacking are growing. Traditional defence mechanisms, such as firewalls and anti-virus software can no longer be relied upon in isolation. Organisations need more robust and effective cyber security strategies to ensure protection of valuable digital assets.
Human error is the single most common cause of an IT security breach. While malware and computer viruses remain an everyday threat, well-informed staff can be the difference in keeping your business safe from exposure to dangerous malware and even financial loss. Don’t take chances: download our free cyber security office poster here.
Don’t leave your business cyber security to chance.