Phishing: A Guide for Perth Small Businesses
As businesses rely more on technology and become increasingly “internet facing”, solid cybersecurity measures matter. Businesses are under constant attack from everyone – governments, criminals, hackers and even teenagers.
Phishing is one of the most common tools used by those trying to get access to your systems. Small businesses are particularly vulnerable: they often assume cybersecurity is costly, and consequently don’t have robust security in place. Yet a single successful attack can damage your reputation and cause losses you cannot recover from. It isn’t time to put your head in the sand! There are cost-effective steps you can take.
What is phishing?
Phishing is a type of online fraud used to steal user data such as login credentials, credit card numbers or other sensitive information. It usually arrives as a fraudulent email, text message or instant message. The message comes from a cybercriminal masquerading as a trusted source and looks like a real message, down to the sender’s logo. It may ask you to confirm or renew your account, update payment details, or follow some other instruction that looks perfectly valid. The recipient is tricked into clicking a link, which either installs malware on the user’s system or leads to a fake page that hands the user’s information to the attacker.
Types of phishing attacks
Understanding the different types of phishing attacks is important to help you protect your business from them.
Email phishing – This is the most common type. A criminal sends out an email with malicious links to a large number of random people, usually in the thousands.
- Sent to a large number of people.
- Looks very similar to legitimate sender, including logos, language, tone, formats, and signatures.
- Clickable links look very similar to the real links but contain a small variation of the domain. For example, the genuine link xyz.org/renewal becomes xyz.orgrenewal.com: the path has been folded into a completely different domain that the attacker controls, even though the characters look almost the same. Hovering over a link (or long-pressing it on a phone) reveals the real destination; what matters is the domain just before the first single slash, not the text you can see.
- The message creates a sense of urgency, pushing users into immediate action without giving them time to think. Typical pretexts are account renewals, payment detail updates, blocked billing, or services about to be stopped.
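The look-alike domain above is easy to miss by eye, which is why a check should compare the link’s actual host with the domains the business really uses. The script below is an added example written for this guide, not code from Computing Australia or the ACSC: it pulls every link out of an email body and flags those whose host is not the trusted domain or a subdomain of it, including the page’s own xyz.orgrenewal.com case, a subdomain trick, and a user@host trick. The trusted domain list and the sample email are constructed for the example.

```python
"""Flag look-alike links in an email body (added example, not from the page)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allow-list: the domains this hypothetical business really uses.
TRUSTED_DOMAINS = {"xyz.org"}

# Constructed sample message, modelled on the guide's xyz.org/renewal example.
SAMPLE_EMAIL = """
<p>Your account will be suspended in 24 hours unless you act now.</p>
<a href="https://xyz.org/renewal">Renew now</a>
<a href="https://xyz.orgrenewal.com/renewal">xyz.org/renewal</a>
<a href="https://xyz.org.renewal-portal.com/login">Update payment details</a>
<a href="https://xyz.org@203.0.113.7/renewal">xyz.org/renewal</a>
"""


def link_host(url: str) -> str:
    """Return the lower-cased host a browser would actually connect to.

    urlsplit() discards any user@ prefix, so https://xyz.org@203.0.113.7/
    resolves to 203.0.113.7, not xyz.org. Non-http(s) schemes return "".
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return ""
    return (parts.hostname or "").lower().rstrip(".")


def host_is_trusted(host: str, trusted=frozenset(TRUSTED_DOMAINS)) -> bool:
    """True only if host equals a trusted domain or is a subdomain of one.

    Requiring the dot in endswith("." + d) is what stops xyz.orgrenewal.com
    and xyz.org.renewal-portal.com from matching xyz.org.
    """
    return any(host == d or host.endswith("." + d) for d in trusted)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html: str, trusted=frozenset(TRUSTED_DOMAINS)):
    """Return [(href, visible_text, reason)] for links a user should not click."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = link_host(href)
        if not host:
            findings.append((href, text, "link is not an http(s) URL"))
        elif not host_is_trusted(host, trusted):
            findings.append((href, text, f"host {host} is not a trusted domain"))
    return findings


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: '{text}' -> {href}  ({reason})")
```

Only the first link survives the check; the other three are reported with the real host they lead to. The same function can be pointed at the HTML of any message an employee is unsure about, provided the allow-list reflects the domains the business actually sends mail from.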
Spear phishing – In this type of attack, the criminal targets a specific organisation or individual. The attacker has researched the victim beforehand and knows the organisation’s communication channels and reporting structure, or the online habits of the individual.
- The email mimics the official communication template, including wording and signatures.
- It usually appears to come from a senior person to a subordinate.
- It usually asks the user to open a password-protected document, with the password being something the attacker already knows about the target, such as an employee ID or, for individuals, an account number. Password-protecting the attachment also stops mail-filtering gateways from scanning its contents.
- The purpose is usually to establish a long-term foothold (an advanced persistent threat), with the criminal remaining undetected for a substantial period.
How can you protect your small business from phishing?
- Cybersecurity Audit
The first step is to perform a thorough cybersecurity audit. As cybercrimes get increasingly sophisticated, it is advisable to take professional help. Computing Australia has been providing cybersecurity audits for businesses in Perth and keeping them safe from cyberattacks for many years.
We recommend the following to protect your business from phishing:
What is ‘The Essential Eight’?
The Essential Eight is a list of eight mitigation strategies published by the Australian Cyber Security Centre (ACSC) to help prevent malware attacks and cybersecurity incidents.
- Application control – to prevent the execution of unapproved or malicious programs.
- Configure Microsoft Office macro settings – to allow only vetted macros from trusted locations.
- Patch applications – patch or mitigate applications with extreme-risk vulnerabilities within 48 hours.
- User application hardening – to block and disable unnecessary features.
- Restrict administrative privileges – based on user duties.
- Multi-factor authentication – for remote access, and for all users when they perform privileged actions or access sensitive data.
- Patch operating systems – patch or mitigate computers (including network devices) with extreme-risk vulnerabilities within 48 hours.
- Daily backups – of important data, software and configuration settings, stored disconnected from the network, to ensure access to information in the event of a cybersecurity incident.
Glossary
Advanced Persistent Threat – a cyber-attack in which a criminal gains access to a system or network and remains there for a prolonged period without being detected.
Malicious Link – a link created for the purpose of a cyberattack.
2FA – Two-factor authentication – access is granted only after two separate checks; you must provide two pieces of evidence to establish your identity. It is a form of MFA (multi-factor authentication), which requires two or more factors.