Increasing the cyber resilience of your company
In today’s world, cyberattacks are constantly changing and becoming more advanced and frequent. As a result, we want to help you stay informed about emerging and common digital threats that small and medium-sized enterprises (SMEs) may encounter in 2023.
Our goal at NLIG is to provide guidance on safeguarding your business from cyber criminals and scammers. Recent research shows that more than 80% of UK businesses experienced a cyber-attack in 2022. Therefore, it is crucial to stay informed about the latest threats and take steps to enhance your business’s cyber resilience against both intentional and unintentional risks.
Phishing, smishing and vishing
Scammers use three methods, phishing, smishing, and vishing, to gather personal information from individuals and carry out identity fraud. These fraudulent activities can lead to financial loss, theft of personal data, or other crimes. Shockingly, the Federal Trade Commission received over 1.4 million reports of identity theft in 2021!
Phishing attacks are well-known and involve receiving an email from someone posing as a legitimate business or reputable person. The email will urge the recipient to click on a link, leading to malware being downloaded onto their system. Alternatively, the recipient may be tricked into revealing sensitive information like bank account numbers or PINs.
Smishing attacks involve receiving a fraudulent SMS/text message containing a link. Clicking on the link may lead to criminals stealing information or downloading malware like viruses, ransomware, spyware, or adware onto the victim’s device. In recent times, smishing attacks have increased significantly, with messages luring people into claiming a £400 energy credit. This was a ploy to gather information that could be used for nefarious purposes.
Vishing is where a phone call, voicemail or Voice over Internet Protocol (VoIP) call is received, often using a pre-recorded robocall, in which the caller pretends to be a legitimate company to solicit personal information from a victim. For example, you may receive a call about a warranty for your car or an electrical item, such as a washing machine, and be asked to provide information such as your address and bank or credit card details. Some callers even ask you a question to which the answer is ‘yes’; the answer is recorded and used to authorise charges or access financial accounts.
Increasingly, scammers start a dialogue with you via email, for example about climate change, gaining your trust and building a relationship with you so that at some point you will click on a link in a message or email.
Protecting yourself and your business
To avoid falling victim to any of the above, there are a few basic rules to follow:
- Don’t click on links from someone you don’t know. Ask yourself whether you need to click on it, whether you know the person, who the email is from and whether it comes from the right email address. Always check the content and structure of the email address before responding or clicking a link. If you want to check on the sender, you could go to the actual website of the company they purport to be from and check whether the information they’ve provided in the message is real.
- Don’t give out personal information to someone who phones you out of the blue, saying they’re from your bank, government organisation or a company you do business with. Hang up and go to the official website, then call them using their official phone number to find out what’s going on.
- Don’t answer calls or texts from a number you don’t recognise. This applies even if you’re phoning to ask to be taken off their list: you’re still interacting with their call, which leads to more calls from scammers.
In addition, keep your devices up to date with the latest patches, don’t share USB sticks or external data drives, and don’t back up all your information on one server. If that server is compromised, you could lose everything. Instead, isolate essential services and back them up separately. Also, use strong passwords (with a password manager, if you wish), have good antivirus software installed on your system and use multi-factor authentication.
Case study
An example scenario is where a small company falls victim to a phishing attack. The receptionist unknowingly clicks on a harmful link, resulting in the download of malware and data theft. Despite the company handling the situation correctly, reporting the incident to the Information Commissioner’s Office and notifying their customers, some individuals affected by the breach may choose to file a compensation claim against the company. Unfortunately, this trend of claims following phishing attacks and data breaches is becoming more common in today’s culture.
Cyber insurance
It’s common to assume that a cyberattack won’t happen to us, but this mindset can make us vulnerable. To safeguard yourself and your business, we suggest taking out cyber insurance. This insurance can protect you from financial and reputational harm if you fall victim to a cyberattack and provide access to expert assistance for restoring lost data.
We’ll be happy to explain in further detail how a cyber policy will protect you and give you the peace of mind that, in the event you are under attack, you have the resources and support to minimise the disruption to your business. Our advice is: don’t leave it too late; let’s get you protected as soon as possible. To find out more about cyber insurance, call our friendly team at NLIG on 01992 703 000 or email insurance@nlig.co.uk.
Sources
Experian.com: What’s the Difference Between Phishing, Smishing and Vishing?
fsb.org.uk: How to protect your small business against a cyber attack