Cybercrime is becoming more expensive for businesses and charities. Data from the Department for Digital, Culture, Media and Sport showed that in 2019, the average annual cost for charities following a data breach was £9470. The cost for businesses following a data breach was almost £5000.
89% of data breaches in the UK are the result of human error (Apricorn). The human factor affects users across the board, from large multinational organisations to charities, the public sector and SMEs.
The threat of a data breach due to human error can be both internal and external in nature. Internal threats, or insider threats, are data breaches where employees abuse and misuse data. Sharing login details is a big concern here. A survey by Centrify found that sharing credentials was common: 51% of IT administrators shared login details, and 59% of contractors shared login details with colleagues.
External threats are usually cybercriminals attempting to gain access to data through phishing. Phishing is one of the most significant security risks for organisations, and comes in many forms:
Phishing is when cybercriminals contact targets by email, text message or telephone. Often posing as legitimate businesses or connections, they attempt to get individuals or organisations to divulge data or information such as banking details, credit card information or passwords. Phishing attacks are sent to multiple people at the same time.
Spear phishing is when cybercriminals send emails masquerading as legitimate contacts or organisations. The aim is to obtain personal or business data. Spear phishing attacks are personalised to their victims.
SMS phishing, or smishing, is an attack in which individuals are tricked into downloading a Trojan horse, virus or malware onto a mobile device through a text message.
Vishing is when cybercriminals secure personal data over the phone. Cybercriminals pose as legitimate businesses to gain data. Social media makes it easy to obtain real details and avoid raising suspicion.
Search Engine Phishing
Search engine phishing is when a URL is used to create a fake webpage posing as a real address. You may receive an email or text message with a web link that looks legitimate. However, it takes you to a web address that is run by cybercriminals. Victims are encouraged to give personal data like passwords or bank details.
Whaling is very similar to spear phishing but specifically targets senior-level employees, directors or board members.
Business Email Compromise
Known as CEO fraud or business email compromise, this attack relies on social engineering rather than hacking. Cybercriminals spoof the email address of a company executive and send emails to unsuspecting employees. The email usually comes through with requests to release funds or data. Employees comply believing it to be a request from their boss. According to the FBI, CEO fraud has cost businesses across the world at least £21 billion since 2016.
Non-Executive Target Email
Whilst whaling is targeted at C-suite members of organisations, non-executive targeting focuses on employees. Cybercriminals may spoof employees' emails and send HR details of a new bank account to pay wages into, or make requests for small data releases. Whilst the reward for the cybercriminals is lower, there are more employees to target.
Data shows that more than 30% of all hackers' emails are sent on Mondays. This may be due to hackers hoping to capitalise on the rush to get back to work after the weekend.
So, how can you protect your personal and business data from cybercrime?
- Protect your personal data, including user names and passwords.
- Practise good password management. Read more about how to protect your password.
- Beware of suspicious emails and do not click on suspicious links.
- Always check that emails you receive are from legitimate contacts.
- If you receive an email with a link to a web address, do not follow the link. Instead, go to the web address yourself using the full URL address.
- Beware of wording like “verify your details.”
- Cybercriminals suggest your account data is compromised to urge you to share details.
- Don’t open attachments from unknown contacts.
Allteks offers a wide range of cybersecurity solutions for our clients, including:
- BitLocker - encryption for data held on laptops and devices.
- Email filtering - spam and virus filtering protection, scanning all emails for threats like phishing.
- Firewalls - designed to stop unauthorised access to your network.
- Offsite cloud backup.
- Two-factor authentication.
Allteks provide cybersecurity, IT support and IT services across the UK. Our head office is based in Maidstone, Kent. We support schools, charities, the public sector and businesses both remotely and onsite. Allteks offer fully managed IT services and co-managed IT solutions, including business IT infrastructure, IT support, cloud service, business telephony, Microsoft 365, disaster recovery and cybersecurity.