Is Your Business Safe From Cyber Attacks?

Data breaches and costly scams are making headlines, as well as millions of dollars for hackers. Read “A Phishing Story”, learn about six of today’s common types of cyber attacks, and what you and your employees can do to protect your network and your valuable data.

Is Your Business Safe from Cyber Attacks?

A Phishing Story

We know of a company that was recently “hooked” hard by a phishing scam. For this story we’ll say the company domain (website URL) is starenterprises.com.

The company had their management team—including names and email addresses—posted on their website. The scammers registered a domain very close to the company domain, simply adding an “s” to make it starsenterprises.com, in addition to setting up a matching email system.

The scammers then sent a fraudulent email from the CEO, “joe@starsenterprises.com” to the CFO saying “Hey Joe, I’m forwarding this invoice, please pay it by wire transfer asap.” The CFO even questioned the invoice and received a response—“It’s for a new widget builder” came the reply. This response made sense for the business, so the CFO wired the money.

The story does not end there.

A week later, the CEO asks the CFO, “what was that wire for?” The CFO replies, “it was the wire you asked me to handle last week.” It was not until this moment they realized they had a problem. And this was just the first and much smaller of two transactions where the scammers succeeded.

When the CFO sent the wire through the bank account, the scammers got the money and additional information about the CFO and the account. They used this information to transfer an additional sum of money from the company’s account to a fraudulent account.

Phishing scams are becoming more targeted and personalized. Don’t fall for them!

Read on to learn more about phishing scams and other dangerous cyber attacks.

Phishing

Phishing is performed by scammers to fraudulently obtain money or sensitive information such as user names, passwords and credit card details by “socially engineering” publicly accessible information. The hackers personalize and target the victim in electronic communication, pretending they are someone trustworthy.

Phishing scams are a big moneymaker for scammers, and they are getting more and more targeted, sophisticated and dangerous.

One of the simplest ways to avoid a personalized phishing scam is to never include individual email addresses (or any email address) on company websites. Use a submission form instead. It is also important to use CAPTCHA (“completely automated public turing test to the computers and humans apart”) authentication for your web forms to protect your site from spam and abuse. reCAPTCHA v3 is a free service available from Google.

The only real way to prevent phishing attacks from succeeding is with employee training. Employees can be trained to watch for anomalies and phishing security test campaigns can be performed. Phishing security test emails are purposely sent to determine if employees click on the attachments or answer the requests. They are safe emails, but highlight users who need more training.

DDoS (Distributed Denial of Service) Attacks

In a DDoS attack, the hackers attempt to make the target website, service, or portal temporarily or indefinitely unavailable to its true users. They accomplish this by flooding the target with tens of thousands of requests per second from a network of devices, making them difficult to resolve since the attack comes from many different sources. Reasons for DDoS attacks may include attacking competitors, blackmail, or activism, or there may be no reason at all.

One of the most famous DDoS attacks disrupted major sites like Netflix, The New York Times and Amazon. The reason for the attack was never verified.

Data Breaches

A data breach involves the release of private information, either intentionally or unintentionally, to an untrusted environment. Data breaches are profitable for hackers and have become more common in recent years. With intentional data breaches, hackers gain access to databases, then copy and sell any personal identifiable information (PID) on the dark web. Millions of credit card numbers and email addresses are for sale on the dark web for pennies apiece.

According to Cyber Risk Analytics’ 2019 Data Breach QuickView Report, there were over 7,000 reported breaches exposing over 15.1 billion records, “a new worst year on record.”

Ransomware

Ransomware is a form of malware targeting both human and technical weaknesses in an effort to make critical data and/or systems inaccessible. Once an organization determines its data is inaccessible, the hackers demand a hefty ransom.

Ransomware is on the decline, however it is still a multimillion-dollar industry.

The FBI’s 2019 Internet Crime Complaint Report noted 2,047 complaints identified as ransomware with adjusted losses of over $8.9 million.

The best way to fight ransomware is to prevent it. The security of ransomware encryption is nearly impossible to crack, so if it gets into your system, you’re in dire straits.

Zero Day Exploits

A zero day exploit occurs after a network vulnerability is announced. One example is Microsoft announcing that they found a vulnerability in their operating system and made a patch available. This prompts hackers to move as quickly as possible to exploit the vulnerability before users fix it with the patch.

Many companies do not patch regularly, leaving their network and data exposed to hackers.

Another example is WordPress, around since 2003 and now one of the most popular platforms to build websites. In the early days WordPress had many vulnerabilities, where hackers were gaining access to the back end and sabotaging company websites.

Man in the Middle Attacks

In a man in the middle, or MiTM attack, the hacker invades communications between two parties who believe they are communicating with each other.

MitM attacks are more and more frequently centered around Internet of Things (IoT) devices that everyone uses, such as smart TVs, WiFi capable speakers, or even smart watches or other wearables like Fitbits.

These devices access the Internet but are not necessarily computing devices like PCs. As such, they are less likely to use encrypted traffic.

Another example is unprotected Wi-Fi in public places without password protection or encryption. Attackers will scan the network utilizing packet sniffer technology, to learn who is on the network, and what they are doing. They will then try to exploit it any way they can.

How to Protect Your Business from Cyber Attacks

There is no amount of protection that can save you from an unsavvy clicker. In addition to implementing the latest technology to prevent cyber attacks, employee education is one of the most important things you can do.

Cybersecurity Tips for Your Team

  1. Never click on an attachment from a suspicious email address. If the email looks off—has misspellings, is from someone you know but reads oddly, has offers that are too good to be true or asks for sensitive information—don’t download the file.
  2. Watch out for .zip and .exe files, as well as executable programs embedded into documents. Zip files are executable files by default, so be especially careful when downloading one. You can be duped into running programs embedded in Word DOCs and Excel files as well.
  3. Be suspicious of all links within emails or advertisements. Cryptowall is an example of malware that infects computers by sending malicious emails appearing to be from legitimate businesses or by using advertisements on popular websites. The links direct to ransomware. Here’s an example: An IT professional profiled on NPR revealed how an employee received an email that appeared to be from PayPal saying the recipient had received money. The compromised link loaded the computer with ransomware, and the business lost 14 years’ worth of data.
  4. Be aware that scammers have become very sophisticated, and can fool the savviest users. Even if there is a remote possibility that correspondence is a scam, inspect all details for accuracy, and don’t click reply—type in email addresses manually. Be suspicious even of emails that appear to come from within your organization rather than risking a ransomware infection.”
  5. Back up your information offline. If your machine or business network gets taken over, this is the best way to get back your data. However it is not foolproof and will still cost time and money.
  6. Keep your antivirus protection, operating system and other applications up to date. These updates primarily address security vulnerabilities or performance issues.

Data Protection Tailored to Your Business

Today, data protection is more complicated than it once was, and different types of businesses need different levels of security. It is our job as your IT partner to know where the vulnerabilities are, and help you make smart decisions about how to keep your business data safe.

This goes beyond patches. We use sophisticated firewalls, better antivirus software, GEO fencing, penetration testing and internal security assessments specifically tailored to your individual business. We take into account your compliance requirements such as HIPPAA, PCI, public sector SOX and regulations for merchants accepting credit cards.

We put our proactive security, business continuity management, and monitoring services to work for you, preventing breaks and fixing vulnerabilities before they can compromise your business performance.

Not sure if your data is protected from cyber attacks? Don’t leave it to chance.
Call us at 602-439-4989 or consider scheduling your
Baseline Network and Security Review.

Why Affinity?

Click below to find out what we do differently that can help you succeed and grow your business. 

Questions? Want to schedule your Network Assessment? Contact us Today.
Recent CASE STUDIES

A Solid Foundation for New Product Development and Growth

A strong technical backbone was critical to meet this software developer’s new product and growth goals. ieLinks’ Director of Technology Operations Rishi Syed shares his expertise and why they chose Affinity for their network infrastructure and administration needs.

Recent ARTICLES
Is Your Business Safe from Cyber Attacks?

Is Your Business Safe From Cyber Attacks?

Data breaches and costly scams are making headlines, as well as millions of dollars for hackers. Read “A Phishing Story”, learn about six of today’s common types of cyber attacks, and what you and your employees can do to protect your network and your valuable data.

Creating Secure Passwords

How to Manage Your Passwords

Best practices for creating and storing passwords is a fluid situation since companies face new threats on a regular basis. What is today’s advice for balancing convenience and security when managing your passwords?

Best Practices for Backing Up Your Business Data

Most of us have lost personal data and know how frustrating it is. When it comes to the workplace, data loss can be catastrophic—even halting operations or bringing your businesses to bankruptcy. We recommend these steps for backing up your data.

Like most sites, we use cookies to analyze site traffic. Unless provided by you in a contact form, we do not store any personal details. By continuing to use this website, you consent to the use of cookies in accordance with our Privacy Policy.