In the last year the threat of being phished has gone through the roof. The spoofed emails have become more convincing and harder to identify. The outcome from being phished is also much worse. They used to just send spam from your account but now they have more tricks:

1. Send a change of bank details notice to your payroll administrator so on payday your salary is transferred to the attacker
2. Target the person in charge of payments in your business and attempt to compromise them via emails from your account
3. Intercept a valid invoice from one of your suppliers and change the bank details

The simplest and best way to prevent these phishing attacks from being successful is to enable 2FA in your business.

Contact us here if you are interested

The last couple of months has seen a rush, if not a stampede to work from home, following the guidelines and reducing the impact of COVID-19. However this needs to be done in a safe manner that does not not expose your business to increased security risks. It is important to remain compliant with legislation such as GDPR and PCI whatever the circumstances.

Some points to consider when allowing staff to work remotely

• Secure their logons
  Implement Multi Factor Authentication (MFA or 2FA). A strong password on it’s own isn’t enough. Multi factor involves an extra security step, such as an SMS or app on a phone, or biometric method such as fingerprint or facial recognition.
• Encrypt their connection
  When users connect to your office, deploy an encrypted VPN connection. This ensures the connection between their computer and your servers is secure and the data transferred cannot be intercepted. When using cloud services make sure they use secure HTTPS connections.
• Manage their devices
  Deploy Mobile Device Management (MDM). An MDM system will allow you to monitor, manage and secure laptops, smartphones and similar devices. If a device is lost or stolen it can be locked or wiped remotely.
• Protect their devices
  Have a firewall that is enabled and configured correctly on the device, and use Antimalware Software that is updated and monitored.
• Secure your business data
  Encrypt hard drives and USB drives with a technology such as Bitlocker, arrange for data to be securely backed up, and have your staff aware that they should only save data in secure locations for compliance with relevant legislation such as GDPR and PCI.

This is where telanova can help, we have enabled our customers to work remotely and safely by implementing best practices and secure technologies appropriate to their needs. Would you like us to secure your home working setup? Contact us now.

We stay on top of security news for our customers and warn and work with them to prevent losses like this. In this instance the fraud could have been prevented if their procedures included verifying the payment details by calling back via a known number. It is also important that other protections are in place such as two factor authentication, display name spoofing protection etc.

Want to know more? call us

One of the fastest growing IT challenges businesses face today is the number of bank transfer fraud attempts. Below is an example of how a fraudster will carry one out:

1. Scout out your business online - your website, linkedin etc
2. Make a sales enquiry to obtain your branding
3. Sign up for a free email address using your business owner’s or key employee’s name and setup an identical email signature
4. Start an email conversation with one of your accounts team, usually something simple to get an email conversation going
5. If their target replies, they reply with an urgent request, something like an overdue invoice, to make a transfer to the fraudsters bank account.

If anyone were to check the actual email address they would realise that the email didn’t come from the right address, but most email clients only show the display name, not the email address. These emails, done the right way, are virtually undetectable by spam filters.

How can you protect your business?

If you use Office 365 one method is to setup a transport rule as per this Microsoft blog post

If you use Google G Suite follow the "Turn on spoofing and authentication protection" section on G Suite Admin Help: Advanced phishing and malware protection.

Better still, get us to do this for you and continue to protect your business against this and other risks

Web threats have increased over the past few years. From phishing sites to drive-by downloads, the dangers have never been greater. To stay safe, you need to make sure you have advanced malware protection.

Keep your employees safe

• Check the reputation of each site before the browser loads it and block it if below a certain threshold. Protecting your employees from malware, phishing, adware, botnets etc.
• Block harmful sites, such as hate crime, drug abuse, violence, nudity, gambling etc.
• Keep users off sites that could cause a data breach and protect the business from the legal liability that comes with a data breach.

Improve productivity

• Block unproductive sites, such as Facebook or Netflix during working hours e.g. 0800 - 12:00 and 13:00 - 18:00

Isn’t antivirus enough?

No, Antivirus offers very basic protection from opening ‘dodgy’ websites, nor blocking of inappropriate content or non-business websites.

Oh, you think you're so safe with your little green padlocks, huh?

Think again. PhishLabs have recently published research where they have found a staggering 24% of phishing sites use HTTPS, an otherwise well known protocol that used to establish trust and privacy of using a site.

Over the years, we have seen a massive push towards encryption of everyday services. Browsers now display a warning for sites that aren't encrypted and half the web now uses standard encryption for their websites. So why fight the competition when you can just join them?

How many times have you visited a website and trusted inputting your sensitive financial data just because your browser says its safe? It's time for that behaviour to change!

How to stay safe online

Create complex passwords.Yes, I know, you've heard it all before. But the reason you've heard this before because it is the forefront of security, and arguably the most important part. Having a strong password (e.g. complex, numbers, capitals, special characters) can save you from a world of trouble.

Be overly cautious.If its too good to be true, it probably is. Don't enter or give any information to anyone unless you can authenticate who they are. And, for whatever reason, don't click random links on the internet.

Look into active web protection.In a day and age of increasing number of cyber attacks, we also fortunately have an increasing number of methods to protect ourselves. Look into installing some form of active web protection that blocks possible malicious websites e.g. McAfee