If you’re finding it hard to keep up with cyber security news, you’re not alone. It seems every week cyber criminals come up with increasingly sophisticated ways to hack into business computer networks to commit fraud or steal confidential information.
That’s why we use the latest technology at Tribeca to ensure our clients in the alternative investment sector and the wider financial services industry are protected against external and internal threats. As a specialist IT partner and MSP, we also keep our clients up-to-date about new cyber security threats through our blogs, social media posts and regular meetings.
Here are 5 cyber security issues that business owners need to be aware of – as well as tips on how to mitigate the risks.
1. AI email and chatbot scams
While businesses are exploring the many ways AI chatbots and machine learning can save time and resources, so too are cyber criminals. AI that can convincingly imitate a human being is extremely useful when you are trying to trick an employee into parting with sensitive client or company data. AI can potentially be used to create malware, and it is also being exploited to create more convincing phishing emails, devoid of the red flag spelling and grammatical mistakes which have made them easier to spot in the past.
2. Better phishing emails
In general, email scams are much more polished than they used to be. Many phishing emails use legitimate-looking logos, as well as domains or URLs that are almost indistinguishable from those of the companies they are imitating. Microsoft is currently the most imitated brand, accounting for 29% of brand phishing attempts in the second quarter of 2023, followed by Google and Apple. While these companies are not to blame, the trend of hackers hiding behind big tech names makes it even more difficult to sort authentic emails from dodgy ones.
In another development, cyber criminals are increasingly encouraging users to click on images rather than links. If a user does so, they will be directed to a fake site designed to steal personal information.
Protecting your business from phishing starts with cyber security training. Your staff should be aware that they need to check for discrepancies in URLs, domains, and message texts as a matter of course. You can also run regular security awareness training sessions to keep everyone up to speed with new developments. Strong email security and end user training are two of the key areas to invest in to reduce risk.
3. MFA Scams
As MFA (Multi-Factor Authentication) has become a go-to method of adding an extra layer of security, cyber attackers have had to come up with ever more ingenious ways to infiltrate apps and accounts.
One such method is bombarding employees with a constant stream of MFA notifications at all hours of the day and night in a bid to make it more likely that they will authenticate a login attempt to get the alerts to stop. To combat this, Microsoft Authenticator has introduced number matching – whenever you receive an MFA notification, the app will display a randomly generated number that needs to be inputted to verify the login attempt. Microsoft Authenticator also thwarts cyber security threats by enabling users to activate biometric authentication, which uses your face or fingerprint to verify your identity.
4. Free VPNs
The use of Virtual Private Networks (VPNs) has surged as users seek better online security and anonymity as well as access to geo-restricted content. However, free VPNs come with a very big catch: some sell on sensitive information to third parties and many will subject you to unwanted ads and tracking cookies.
This is particularly worrying for businesses if one of your employees downloads a free VPN on a company device or on a personal device they use for work, creating the risk that company data could be sold on to the highest bidder. We recommend businesses invest in or encourage the use of a reputable VPN service with robust encryption, superior user privacy and a guarantee that no data will be logged.
5. Juice Jacking
We’ve all been there – that ‘Eureka’ moment when you find a free public charging point at an airport when your phone battery is down to two per cent. However, it may not be such a great find after all.
The FBI recently warned that we should stop using public charging points due to ‘juice jacking’, which is when cyber criminals tap into USB ports to install malware and monitoring software onto devices as they charge.
The best way to avoid the risk is to carry your own charger and cable, and plug it in to a power outlet. If that’s not an option, you can buy a USB data block to prevent data being transferred while charging.
From juice jacking to phishing and AI-generated scams, one thing is certain – cyber security threats will continue to evolve. The best line of defence is access to quality cyber security IT support, underpinned by ongoing staff training. If this isn’t something you have within your business, it is essential to have a partner who can provide this for you.
If you have questions about IT support and cyber security for your business, we’re always happy to help so please do get in touch.