You probably think your business is pretty well protected. More likely than not you’ve invested a bit of money in some cyber security services, made every effort to put the right software protection in place and you’re probably very well-versed in additional security features such as spam filters and antivirus software. And of course, there’s Gavin who knows about the hardware bits and bobs…

So, that’s all bases covered right? Perhaps not. The truth is, your business could still be very much at risk of some of the most damaging attacks out there.

We all know the story of the trojan horse – that famous tale of how the Greeks were able to conceal themselves within and trick their foe into inviting them straight into the heart of their protected fort. Well, what if the same thing happened to your own business but this time something far more sophisticated and sinister, far more discrete, and something far, far harder to spot?

Spear phishing scams are on the rise and since the Covid-19 pandemic hit, cybercriminals have been taking advantage of the additional security risks posed by employees working from home. Between 2020-21 there were £9.6m reported losses from cybercrime in the UK with phishing emails acting as the key enabler*. While it’s easy to believe you’d never be duped by such a scam, these attacks happen more often than you think and more importantly, they happen to people just like you; bright, switched on, IT savvy.

 

Spear phishing; a different kettle of fish

Spear phishing is not like other types of phishing. These attacks are carefully thought out and extremely highly targeted – they are not random attacks.

 

    • Sophisticated cyber scammers will gather personal information on their victims detailing where they work, who they have contact with, what information they have access to. Social media platforms like LinkedIn can provide the perfect platform to harness this detail and use it to cyber criminals’ advantage.

    • Often scammers will pose as trustworthy sources to trick victims into giving away any number of things; personal details, access to certain software, disclosure of confidential information, or the handing over of large sums of money.

    • Disturbingly, they will mimic people in your business – particularly those operating at top level such as the MD – so that the target will willingly and unwittingly give up vital user details and passcodes.

    • They can go one step further; attackers have the ability to plant files within the software to infect devices and cause damage from within. Malware (malicious software) can be used to compromise systems and hijack processing software.

    • Spear phishing attacks are notoriously difficult to recognise as they contain such a high degree of personalisation. Even more disturbingly, they are incredibly difficult to stop once access has been gained.

 

How can you safeguard using cyber security services?

Despite the level of sophistication, these attacks comprise, it is possible to avoid falling victim to spear phishing. It involves taking a look at your entire IT infrastructure / cyber security services and having a complete picture of everything that is going on within your software systems and processes.

Of course, there are the usual preventative measures you can try to instil such as never clicking on suspicious links or attachments, avoiding sending personal information, and always verifying requests, but when you’re dealing with a highly targeted attack these measures won’t always cut it.

In order to avoid falling into the trap of a scam, the best way of protecting your business is to have someone looking after your entire IT infrastructure and cyber security consulting services. The better your managed IT services provider knows you and your business the easier it will be for them to spot anything out of the ordinary.

Only a few weeks ago we foiled one of these sophisticated and sinister attacks that were targeted at one of our managed IT clients, thankfully before any damage was done. The only reason we were able to stave off disaster was because we had eyes on all aspects of our client’s IT, including hardware and software, both local and in the cloud.

On top of this, strategies such as monitoring software that will alert suspicious activity and pen testing to identify your security strengths and weaknesses can be highly effective, especially when working alongside simulated phishing training for employees and increased cyber security awareness.

And remember, while these attacks are no doubt scary and concerning it’s important you are able to continue doing business as you should be, without your software and systems being compromised in the meantime. A good IT provider will take care of ensuring your software is up to date and that you have the very latest cyber security consulting services to ensure your business stays up and running, whatever may be thrown at it. It’s often about going the extra mile.

If you’ve some niggling doubts that your business might not be safeguarded as well as it could be, why not get in touch with us at soVision IT. We’d welcome the opportunity to have a friendly conversation with you about what extra cyber security services you might be able to put in place to protect your business for the long run.

 

References:

*www.actionfraud.police.uk

 

If you’re looking to make some changes to the way your business operates, or perhaps you’re unhappy with your current cyber security services, why not get in touch?