For many businesses across the UK, Cyber security is an ongoing battle, with new threats emerging every year. Recently in 2021, the UK based umbrella firm and payroll provider Giant Umbrella suffered a colossal data breach, leading to a host of payment delays across numerous employment sectors. This is just one of many examples, with more businesses relying on their network to work from home, cyber security is more vulnerable now than it ever has been.
Recognising The Most Common Types of Threats
The first step in keeping yourself and your business safe from threats and scams is having the knowledge necessary to recognise them before it’s too late. Our Head of IT, Jon Berry explains:
We’ve noticed an increase in attempted cyber-attacks already this year, so training is vital for all businesses. At Astute, we have enrolled all of our staff onto a bespoke cyber security training program, which includes both training modules and regular simulated phishing attacks. One of the first steps towards defending ourselves from threats is having our team armed with up-to-date knowledge, because recognising threats before they become an issue is always better than dealing with the aftermath of an attack.”
Below are Jon’s top 4 threats to look out for and how to combat them:
“Phishing” is classified as the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. In simpler terms, fake company emails trying to trick you into giving away your sensitive information.
A good way to combat this type of fraudulent threat is to take time to check the verifiability of the email. Take some time to think and ask yourself some of these questions:
Is this an email I am expecting?
Is the email address or email text spelled correctly?
Does the email address match who they claim to be?
Is there a strange amount of urgency to the email?
Very similar to the previously mentioned threat, “vishing” is defined as the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.
Unlike phishing, this threat can be a lot harder to spot. If you’re not sure, hang up the phone and call an individual or business related to the original call, such as your bank if the caller was asking for your account information. This means you can be sure you’re going to the right people, and if there is a problem, they can tell you about it directly. Exercise caution however, as scammers can hijack your phone line, so when you hang up be sure to wait a few minutes before calling again.
This is essentially the same as the previous “vishing” except it’s delivered via text message instead of phone calls. For example, scammers will send you a text message claiming to be your bank, saying you need to update your personal details or that there has been an issue with your account. The text message may include a link, or a fake phone number that they will then use to get you to reveal your details.
If you ever receive a text message like this, be suspicious. A good giveaway to this scam is that the phone number messaging you won’t match the number on your credit or debit card.
This threat is defined by the fraudulent practice of directing internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc.
Be observant, make sure the website address is correct and keep your operating system, web browser, and anti-virus up to date. If the address has a selection of unexpected numbers, or perhaps something similar to the real name but with the letters switched around or a different spelling, then be aware that it is a mimic and not the true website.
Further threats to IT systems are malicious software or malware that are activated by clicking links sent from malicious emails. These can take the form of a software virus, spyware, ransomware, worms, or Trojans.
As a business, by continually training our staff with internal and external training partners as well as using the most up to date cyber security packages we aim to protect our information as best as possible and keep up to date of what the current threats are.