The 2020 pandemic saw an increase in the number of electronic attacks and hacking attempts targeting Australian businesses. Even major enterprises, such as a certain brewery in Queensland, recorded significant interruptions to their operations as a result. It should be common sense, but it often is not, that a business’ digital security is always only as strong as its weakest element. Surveys show that most successful hackers achieve their objectives not via sophisticated software or with high-tech equipment, but through social engineering. That means exploiting the vulnerabilities of the human element, the staff and the management of a business. Are your teams and managers trained in recognising scams? It may be more important than you think – after all, it is your employees who have access and are often able to grant further permissions to use your systems to others.
Continue reading to learn more about how recognising scams effectively can improve the security in your business or, if you would like to test the security in your organisation, claim your FREE IT audit from Connected Platforms today and find out how prepared you really are.
How Good Are Your Employees at Recognising Scams Really?
Make no mistake, although the methods employed by scammers may look unsophisticated at times, they are well known to be effective. Let’s have a look at a couple of real-world examples of digital scams we have encountered in 2020.
A Few Real-World Examples of Digital Scams
The Boss in Trouble
CEO fraud was on the rise in 2020 and this method can be particularly difficult to spot. Usually, the scammer will leverage professional social media platforms to look for an organisation’s executives and managers, then target their staff by impersonating a trusted boss. They claim to be in an unforeseen emergency and ask for an urgent transfer of money, company credit card details or to be granted access to company IT systems. The scammer might attempt to make the message look as if it came from a business e-mail account or may claim to be the “boss” e-mailing from a “private” account. Vigilance is the key here – the least anyone receiving such mail from a “boss” should do is check with the supposed sender directly whether they did indeed request any help. The scammer may attempt to stop the receiver from calling the person they are impersonating by asking for a reply by mail only due to limited mobile phone coverage, but this should not deter the receiver from being careful – it is always better to be safe than sorry.
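The warning signs described above can also be checked automatically before a message reaches a staff member. The following is an added example, not part of the original article: the company domain, executive names, pressure phrases, similarity threshold and sample messages are all assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: replace with your own domain and executives.
COMPANY_DOMAIN = "example.com.au"
EXECUTIVES = {"jane citizen", "sam taylor"}
PRESSURE = ("urgent", "transfer", "credit card", "reply by e-mail only")

def _domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def ceo_fraud_signals(raw_message):
    """Return the reasons a message resembles the 'boss in trouble' pattern."""
    msg = message_from_string(raw_message)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    domain = _domain(msg.get("From"))
    signals = []
    if domain != COMPANY_DOMAIN:
        if name in EXECUTIVES:
            signals.append("executive name on outside address")
        if SequenceMatcher(None, domain, COMPANY_DOMAIN).ratio() > 0.85:
            signals.append("lookalike of company domain")
    reply_domain = _domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != domain:
        signals.append("Reply-To goes to a different domain")
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    hits = [p for p in PRESSURE if p in text]
    if hits:
        signals.append("pressure wording: " + ", ".join(hits))
    return signals

# Constructed sample messages (not real mail).
PRIVATE_ACCOUNT = """\
From: Jane Citizen <jane.citizen.ceo@freemail.example>
Subject: Urgent favour

I need an urgent transfer today. Limited coverage, reply by e-mail only.
"""
LOOKALIKE = """\
From: Sam Taylor <sam.taylor@examp1e.com.au>
Reply-To: sam.private@freemail.example
Subject: Card

Please send the company credit card details.
"""
```

A non-empty result is a prompt to verify the request with the supposed sender through a separate channel, not proof of fraud.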
Taking Over a Client
If your business is involved in managing digital platforms of other organisations, you may not be the direct target but rather the means of gaining access to a third party’s systems. Picture a situation where one of your managers receives an e-mail from an unknown contact – “Hi, we’re just taking over the xxx-company’s accounts from you guys as they are moving their services over to us. Would you please be able to give us admin access to yyy-platform so that we can expedite the process? Thank you in advance!”. This could very well be a legitimate request, but the least that should be done before handing any credentials over is to check with your clients directly whether they are really working with the sender of such a message.
Password Security Inspection
Credit: Saturday Morning Breakfast Cereal (February 2012)
Though certainly amusing when described in a comic, a “password security inspection” is an effective method of obtaining important credentials to your systems. With most usernames these days being e-mail addresses that follow an easy-to-guess pattern ([email protected] for example) and employee names often publicly published in association with their places of employment on social media platforms such as LinkedIn, it is very easy to guess a username, generally leaving only the password to be cracked. “Password inspection” does not have to come in the form of a phone call from someone posing as your IT security team either. Imagine a scenario where an unaware employee is invited to enter their password into an unknown program to “check its strength”. Regardless of what the software says about the password, it is possible that it just logged the password and sent it to a hacker. To be safe, at the very least, treat your passwords like your fingers and do not put them where they do not belong.
How to NOT Become a Victim of Digital Scams
Scammers continuously refine their methods, and it is important to keep up with their efforts. Even the most vigilant of your staff, and you too, can fall victim to a well-designed and previously unencountered scam. While being careful and on guard is always a good start, the security of your business can always be reinforced. Managed IT services are a cost-effective method of improving digital security, especially for small and medium-sized business owners who may be unable to afford dedicated IT security budgets but who, because of the very fact of being typically less secure, are more likely to be a target.
Call Connected Platforms, your small business IT support Brisbane partner on (07) 3062 6932 today, or get in touch online now to find out more about how our services can help you improve your business’ digital security in the age of an ever-increasing number of online scams.