Data breaches are unfortunately becoming a more regular occurrence, with several big-ticket businesses across the world falling victim to a recent attack.
As companies work diligently to implement increasingly sophisticated data security strategies, it seems hackers are keeping up with the moving technology – which is why we need to be aware of, and understand, the threats hackers pose.
Phishing vs. vishing?
The word phishing is used to describe the attempted acquisition of sensitive information electronically. It’s a form of fraud whereby the attacker tries to learn information such as login credentials or account information by masquerading as a reputable organisation or person via email, instant messaging, and other communication channels.
Typically, a victim receives a message that appears to have been sent by a known contact or organisation. An attachment or links in the message may install malware on the user’s device or direct them to a malicious website set up to lure them into divulging personal and financial information – including card details, bank account numbers, passwords, and more.
Alternatively, vishing is the act of fraudsters using the telephone to scam users into surrendering private information that would be used for identity theft. The scammer usually pretends to be a legitimate business or individual, and more often than not fools the victim into thinking they will profit.
Who’s at risk?
Anyone can be a cyber-attacker’s target. Small businesses are particularly vulnerable as there are often not as many controls in place to protect data or make secure payments. An SME may also rely on ‘off the shelf’ products for things such as internet protection, which is where hackers flourish.
An additional danger of vishing is that it relies on the good nature of the victim at the end of the phone to believe that who they’re talking to is genuine. Unfortunately, it just so happens that people give away personal information without noticing. Fraudsters do this by building rapport with the victims, for example asking about their pets, family, where they’ve recently been on holiday – so that when it comes to asking for personal information, victims are more likely to hand it over, as they’ve built trust over the phone. Hackers will try any means to get you to give them information.
More than half (52.4%) of spear phishing attacks – carried out using fraudulent email addresses – in 2015 were against SMEs.
The threat to your bank account
The biggest threat though, of course, is to your bank account. Often, a hacker’s goal is to gain access to your bank accounts, which allows them to move money from the accounts without your knowledge. The fraudster could also get you to pay them directly! The impostor could give you incorrect details of one of your existing suppliers, and instead of paying your trusted supplier, you’re in fact paying the criminal directly.
SMEs can beat the fraudsters
- Treat every phone call with caution – you wouldn’t hand cash over to a complete stranger who knocked on the door of your organisation’s premises, just because they rang the bell!
- Always double check – if you’re advised via email or telephone that a supplier now has an alternative bank account that you should be paying, hang up the phone and call the number back. If possible, you should use a different phone number and ask to speak to someone in the Accounts Department. You should confirm all the details to see if they match what you have just been told. You should always call your existing contact who you have dealings with, to check it is legitimate.
- Never click! – don’t click on any suspicious looking links in emails or text messages – always log onto the sender’s website and see if you can marry the page up with the sent URL.
- Know what’s legitimate – it’s important to remember that any legitimate company won’t ask for any full PIN numbers via email, text message or phone call. Never disclose any PINs.
- Go with your gut – if it doesn’t feel right to you, then chances are – it’s not! If you have concerns about what you’re being asked to do, or what information you are being asked to reveal, do not do it.
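
The "Never click!" check above, comparing a sent URL with the sender's real website, can also be done in code. The following Python is an added example, not part of the original article; the function names and the `supplier.example` / `attacker.test` domains are constructed for illustration.

```python
from urllib.parse import urlsplit


def link_matches_sender(link: str, sender_domain: str) -> bool:
    """Return True only if the link's real host is sender_domain or a subdomain."""
    try:
        parts = urlsplit(link.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:  # malformed URL
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    host = host.rstrip(".").lower()
    expected = sender_domain.rstrip(".").lower()
    # Lookalike characters show up as non-ASCII hosts or punycode labels.
    if not host.isascii() or any(lab.startswith("xn--") for lab in host.split(".")):
        return False
    # The right-hand end of the host decides who owns it, so match from there.
    return host == expected or host.endswith("." + expected)


def suspicious_links(links, sender_domain):
    """Return the links that do not belong to the sender's domain."""
    return [u for u in links if not link_matches_sender(u, sender_domain)]


# Constructed sample links, as they might appear in a message claiming
# to come from a supplier whose real site is supplier.example.
SAMPLE_LINKS = [
    "https://supplier.example/invoices/1042",
    "https://portal.supplier.example:8443/login",
    "https://supplier.example@pay.attacker.test/login",  # real host follows "@"
    "https://supplier.example.attacker.test/login",      # sender name as a prefix
    "https://notsupplier.example/login",                 # similar ending only
    "https://xn--supplir-q4a.example/login",             # punycode lookalike
]

if __name__ == "__main__":
    for url in suspicious_links(SAMPLE_LINKS, "supplier.example"):
        print("Do not click:", url)
```

A link that passes this check only shows that it points at the sender's domain; changes to bank details should still be confirmed by phone as described in the "Always double check" tip.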
74% of small businesses reported a security breach in 2015. SMEs are now actively being targeted by cyber criminals.
Data security trends
The following data represents data security incidents under consideration from Q1 of 2016/17 in specific sectors. The information comes from a variety of sources including self-reports from data controllers, media reports, whistleblowers and reports from data subjects.
- Health – 232
- Local government – 62
- General business – 53
- Finance, insurance & credit – 34
- Education – 34
- Charitable & voluntary – 29
- Justice – 22
- Legal – 14
- Central government – 12
- Other – 53