By Cody Lents, Partner and Customer Steward at COVI, Inc.
Cyber risks are constantly evolving, so it can be hard to keep up with the trends. But using a service like Covi can keep you ahead of the game.
There are many examples of cyber risks continuing to take on new forms. Take for example, phishing which has evolved from just an email to texting – called smishing.
Phishing is a digital threat that has grown since the birth of the internet, and it has now changed to encompass a broader range of endpoints and vectors.
Incorporating a security strategy for your organization is critical and needs to provide systems and processes that ensure your accounts remain safe and secure.
Phishing targets victims via email, texting and other forms of messaging to pose as a legitimate organization to get a victim to reveal credit card details, passwords or additional sensitive information.
As a method of cyber attack, phishing began with the birth of email and the commercial internet in the mid-1990s. This type of hacking has only grown significantly in the 2020s, with social media and text messages becoming the most popular ways for attacks.
In recent years, the COVID-19 pandemic has led to many employees working from home, further separating them from an IT department. This can create havoc for the corporate network and organizational security protocols, because it opens up a new level of threat for mobile phishing scams.
Just visiting a website and hovering over an ad can trigger a download or a pop-up. Hackers utilize the same techniques but generate them through browser attacks that typically start with a drive-by-download or trigger. This is being used to open up what appears to be a new browser window that copies legitimate services like Google and Microsoft asking you to log in. They steal your credentials if you do.
Awareness training is needed to stay alert and know when and when not to enter your credentials. Biometric Multi-Factor Authentication (MFA) is being heavily adopted at the enterprise-level and will be trickling down to small businesses over the coming years. Biometric MFA is the best technical control to protect you from drive-bys.
Persistent endpoint protection (computer-level security) is another needed technical control for drive-bys. In our case, Next Generation Antivirus, automated security updates, detection and response software, and continuous vulnerability scanning protect against drive-bys, detect them when they do get through, and alert us to remediate immediately – as opposed to 60 plus days later when breaches are typically discovered.
There are many ways to stay safe from new cyber threats. Do Not Click on Links, unless you recognize a string of texts from that same number which you previously identified as legitimate (e.g. Amazon sends you daily updates due to your purchase patterns and history), do not click the link in the text. Instead, go to the site separately through its app or a secure browser and check it that way.
Do Not Send Personal Information or Log In From the Link. Even if you inadvertently click on the link, do not enter information from that link. These are easily impersonated and by entering login information, a hacker may then obtain complete access to your account.
Be Wary of Fraud Alerts. These are often the most tempting links to click because you want to see what triggered a fraud notice and address it immediately. However, scammers take advantage of that sense of urgency and use it to steal your information resulting in an actual fraud issue. Use financial institutions directly via their secure website or app to check your account. You can call the number on the back of your banking card if you suspect fraud has occurred.
Do Not Download Apps from a Link. If you are prompted to download an app to access the information provided in the link… STOP. If you want the app, go directly to the App store, and search for it there. These downloads can contain malware that now is in your phone and not the app you thought you were obtaining.
Covi can provide the right level of security for your business, and educate your staff members on good security practices. Our automations can also update security quickly in response to new threats, and help you recover should there be a need.
Our continuing education and training keeps us up to date–so you don’t need to.
In today’s day and age, new cyber threats are constantly evolving. It’s best to stay ahead of the curve and continue your education on these initiatives to stay informed and secure.