Most small and medium-sized businesses think that cybersecurity is an issue that only affects large companies. However, more than 43% of cyberattacks are focused on hurting small and medium-sized businesses. 

Here we share common malicious scam trends and valuable tips for strengthening your cybersecurity posture to protect yourself, and your business, against cybercriminals’ attempts to steal sensitive information and account credentials.

1. First Trend: Remote Work or Work From Home

Fact:

About 20% of fraudulent accesses, or Data Breaches, were made through the internet connections of employees working remotely.

Risk:

The concept ‘Work From Home’ made a radical turn as a result of the pandemic. This remote work mode has created a gap in preventive security measures. With more people working part or full-time from alternate locations, companies find it more difficult or complex to enforce policies to increase the protection of information handled by their remote employees.

Recommendation:

Adopt secure connections known as VPN or virtual private networks. This connection is encrypted between the employee and the office, thus allowing the secure exchange of information between parties. 

How does it work?

By encrypting the connection between the remote employee and the office, it makes it difficult for hackers to access or steal information that is shared over the internet.

2. Second Trend: Credential Theft

Fact:

82% of people admitted that they reuse passwords on all accounts and nearly half (44%) of cyber thefts exposed their victims’ personal data on the Dark Web.

Risk:

Compromised credentials lead to compromised data. One easy way for cybercriminals, or hackers, to gain access to your company’s information is through the use of an employee’s credentials. 

Recommendation:

Protect your credentials by adopting the 2FA policy. Credentials are made up of the employee’s Username and Password and are connected to a working system. If the hacker manages to obtain the credentials of an employee, he/she can easily enter their corporate systems and extract information, reports, and critical documents from the company, or worse, from its customers. 

Why do hackers want to steal credentials?

Hackers want to steal your information because it is a lucrative business. They sell your corporate information in a hidden place known as the Dark Web. This place is used by hackers to sell your company’s and your customers’ private information. 

However, your company can mitigate risk by hiring a low-cost service that helps limit exposure, known as a Dark Web Monitoring Service that generates proactive alerts if a credential is identified and published on the Dark Web.

3. Trend Three: Fraudulent, Malicious & Infected Emails 

Fact:

Today, 90% of all cyberattacks companies face are conducted through phishing email attacks. In the wake of the pandemic, fraudulent emails have grown even more common, increasing by 65% in the last year.

Risk:

Phishing attacks have become much more sophisticated in recent years, and cyber attackers, or hackers, have become more convincing by pretending to be legitimate business contacts, someone you know, or some trusted institution. This mechanism is a type of scam. 

There has also been an increase in the attack format known as Business Email Compromise or BEC. Hackers send emails with the intention of stealing passwords, focusing on gaining access to the accounts of your company’s top executives. This includes the owner, president, CFO, Human Resources, etc. Cybercriminals then use these accounts to request fraudulent transfers from employees such as Purchases. 

Do you remember the famous news story where government employees fell victim to fraudulent emails and managed to transfer millions of dollars in public funds to a bank account outside of Puerto Rico? Well, that’s what phishing campaigns and Business Email Compromises are capable of. Hackers appeal to our human senses and commitment to work by manipulating social engineering to get us to act on the requests they make in emails.

Recommendation:

Part of what makes phishing attacks so harmful and effective is that they are difficult to combat—they use social engineering to attack so you must also use social engineering to address your employees on how to fight back and be aware of such scams. 

How does it work?

If your company has not provided its employees with access to informative talks so that they can learn how to identify, stop, and report potentially malicious or fraudulent emails, this is an excellent opportunity. Studies confirm that over 86% of email scams can be avoided simply by training your employees.

To learn more about the different cyber attacks you may be exposed to and how to protect yourself, contact one of our insurance specialists.

Source: Onuvo