As the importance and use of technology and the internet grows, so does the potential for it to be an avenue for eCrime, one of the fastest-growing criminal activities of recent years. During Cyber Security Awareness Month, Stefanini wants to emphasize and keep you informed about the dangers that businesses face, which can affect the reputation and informational security of your company. The severe consequences of a flawed approach to cybersecurity include millions being lost as a result of increasingly sophisticated attacks, alongside the huge costs of any reputational damage and fines that could be issues by regulators as punishment for failing to keep data safe. Preventing this requires a best practice approach to defending against eCrime, which is any type of crime that takes place over the internet or via a mobile device. It is an attack or abuse, using technology, which is intended to cause another person harm, distress, or personal loss.
Today, all businesses in all domains depend on technology and data. Recent changes to cloud-based environments, interoperability, data sharing, and the use of multiple apps to conduct day-to-day business, introduce cybersecurity risks such as active threats, data robbery, data loss and ransomware demands.
How cybercrime works
Cybercrime attacks can begin wherever there is digital data, opportunity, and motive. Generally, eCrimes do not occur in a vacuum but instead rely on other actors to complete the crime. This is whether it’s the creator of malware using the dark web to sell code, the distributor of illegal pharmaceuticals using cryptocurrency brokers to hold virtual money in escrow, or state threat actors relying on technology subcontractors to steal intellectual property (IP).
Cybercriminals use various attack vectors to carry out their cyberattacks and are constantly seeking new methods and techniques for achieving their goals, while avoiding detection and arrest.
Four key behaviors to prevent attacks:
- Enabling multi-factor authentication
Also known as two-factor authentication and two-step verification, multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account. When it’s available, MFA should always be turned on, offering a simple way to greatly increases your security.
- Using strong passwords
Passwords are your first line of defense against cybercriminals and data breaches. Also, it has never been easier to maintain your passwords with free, simple-to-use password managers.
Five rules for setting a strong and secure password:
- Rule 1: use at least eight characters.
- Rule 2: use a combination of different characters
- Rule 3: use at least one uppercase character.
- Rule 4: never use a common phrase in your password.
- Rule 5: never use the same password twice
- Updating software
Always keep your software updated as soon as updates becomes available. These updates fix general software problems and provide new security patches addressing vulnerabilities that criminals might exploit, so updating your software is an easy way to stay a step ahead.
- Get it from the source.
- Make it automatic.
- Watch for fakes!
- Recognizing and reporting phishing
A phishing attack is an attempt to trick a user into divulging their private information, involving criminals using fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, you risk handing over your personal information to cybercriminals. A phishing attack can also install malware onto your device.
Cybercriminals frequently carry out their activities using malware and other types of software, while social engineering is another important component of most types of cybercrime. Phishing emails are another popular method of attack, especially in the case of targeted hacking attempts, such as business email compromise (BEC) attacks, in which the hacker attempts to impersonate, via email, a business owner in order to persuade employees to pay out false invoices.
How to report phishing.
Some email platforms let you report phishing attempts. If you suspect an email is phishing for your information, it’s best to report it quickly. If the phishing message came to your work email, let your IT department know about the situation as soon as possible.
Here’s how to:
- Report a phish on Outlook.
- Report a phish on Gmail.
- Report a phish on Mac Mail.