It may be a New Year, but little has changed in the world of cybersecurity. Top of the list of concerns for business owners and IT managers this quarter is phishing attacks.
A well-informed business owner knows the dangers that malicious individuals pose to their company, but they also know how to defend against them effectively. In this post, we’ll help explain why the New Year is such a hotspot for phishing activity and the steps you can take to protect your business.
This time of year is ripe with opportunity for malicious individuals (commonly known as scammers or hackers), with or without the continued presence of Covid-19. Corporation tax and self-assessment tax returns make for particularly enticing bait that scammers can dangle in front of unsuspecting users.
The submission of tax returns and the refunds and rebates that occur as a result are among the most popular methods used by scammers during this period. Submission reminders are a common tactic, but refund-related attacks are particularly prevalent. These were a common tactic last year. In the last 12 months alone, the HMRC has received more than 846,000 complaints of suspicious HMRC contact and reported over 15,000 web pages. No doubt, this tactic will be a popular choice for scammers this year, too.
Worse still, scammers have an even bigger window to target users with self-assessment scams due to the extended submission period that lasts until 28th February.
This kind of attack is so effective because everyone is looking for positive news this time of year and rebates are broad and opaque enough for users to learn more. Hackers will send targeted emails informing recipients they have a tax rebate or refund they need to claim. If they click the link, they will be sent to a malicious website that will encourage them to enter personal or company details.
The pandemic gives hackers yet another way to target customers. In fact, Covid-19-related phishing attempts are expected to rise in the New Year. Almost two-thirds (64%) of businesses expect to face more of these attempts in 2021, according to a study from Centrify. Over half (52%) of the 200 decision-makers surveyed said they expected the number of attacks to grow due to recent lockdowns.
The threat level of phishing attacks has been rising throughout the pandemic. Companies are now experiencing an average of 1,185 attacks every month, according to the 2020 Phishing Attack Landscape Report. Over one-third (38%) of businesses report a coworker falling victim to an attack within the last year. Attacks have been so common that 15% of businesses spend between one and four days remediating attacks.
Businesses are being targeted from every angle according to a recent report by the BBC. Hackers are posing as service desk workers, tricking employees into downloading viruses and even impersonating CEOs on Whatsapp.
Vaccine scams are also prevalent at the moment, warns IT Governance. Research has unearthed a high number of phishing campaigns targeting people’s eagerness to get the virus or the uncertainty surrounding the process. Many of these campaigns use attachments to install malware or keyloggers
As we have discussed before, users are more susceptible to cybersecurity attacks when they are working remotely.
For one, their guard is down when working from home. People don’t think they will be victims of phishing attacks at the best of times, but they can be even less aware of the dangers cybersecurity attacks pose to businesses when they aren’t in the office. Unfortunately, it only takes one absent-minded click to cause severe damage.
Second, working from home has increased hackers’ opportunities to access your corporate network. Unsecured home networks have several vulnerabilities that hackers can use to infiltrate your systems. In particular, they can use other unprotected devices connected to the network, like Playstations and Xboxes, as a backdoor into your systems. So even if your company device has anti-virus software installed, it may still not be sufficiently protected.
The best way to mitigate the damage of cybersecurity attacks is to prevent them from happening in the first place. Business-wide protection measures are an essential first step. These include:
These measures will stop the vast majority of phishing attempts, but you’ll never be able to prevent every single email from slipping through.
To fully protect your business from malicious attacks, it’s essential to keep cybersecurity at the forefront of your employees’ minds. They are the front line in the fight against hackers and the people who ultimately control the fate of your business’ security.
We recommend regular, non-intrusive training sessions to help employees identify phishing emails and deal with them appropriately. We also advise businesses to run simulated phishing campaigns that track who opens suspicious emails, clicks on their links and downloads attachments.
The latter isn’t a way to weed out those employees with poor digital hygiene. It is an excellent way to see if there is an underlying problem within your business that needs to be addressed.
Business executives also have a role to play in keeping awareness eye. Regular mentions of phishing attacks during company meetings will help keep the idea fresh in your employees’ minds and ensure that the training and simulated campaigns aren’t for nought.
You can also point employees to the Government website where they have compiled examples of HMRC-related phishing campaigns that you and your staff should make yourselves aware of.
Sign Up For Regular Security Updates
Cybersecurity threats change so fast that business owners and IT executives need to keep their fingers on the pulse of the industry if they are to keep their business protected.
Let us do the hard work for you. Use our contact form to sign up for our regular security updates and we’ll send a detailed report of the threats facing your business every quarter and how you can protect against them
You’ll never be left in the dark again.
No Comments Yet
Let us know what you think