Hackers are becoming smarter and are developing new ways to trick businesses and consumers into falling for one of their scams.
One of the shifts in hacking attempts is that human behavior is now being leveraged by those who seek to do harm. As technologies that shut down traditional avenues that hackers were using to gain access to proprietary data continue to evolve, hackers are now shifting to understanding human behavior in opening up emails or responding to them. Email continues to be one of the main avenues explored by hackers.
By, now most people have seen the infamous wire transfer email that looks legitimate coming from a fellow co-worker. The email alone is evidence that hackers understand who is working with whom in an organization. They are preying on the fact that the end user is responsive to email and are hoping that the user will act without really paying attention to the full content of the email. The email indicates that an updated invoice is attached and you see what looks to be a normal word document. Diligent users understand that these are the types of documents that are harbingers for dangerous macros that introduce viruses or snooping software into a network. This is just one example.
In the latest cybercrime twist, the IRS says that hackers are now targeting tax preparers by employing email phishing scams and hacking attempts. Why? For the same reason behind every breach: because cybercriminals want to steal Social Security numbers, personal information, and financial data. Some hackers have filed fake tax returns with stolen identities; some simply try to sell the info on the black market. But it doesn’t matter what happens to the data once it’s stolen. If you’re the business owner left footing the bill for emergency IT services and informing your clients of a confidentiality compromise? That’s going to have a negative impact on your company; no matter what business you’re in.
How is this most recent scam happening? The same way they always do. Hackers send out emails that look like they’re legitimate — in the case of tax professionals, purportedly from tax software providers reaching out about a crucial update — and ask the recipient to click on a (bogus) link. One click leads to an infected site, which may ask you to download a file, which when opened can access your computer and steal your data…
CPAs, lawyers, doctors, bankers — it doesn’t matter what industry you’re in: if your company houses confidential data, your systems could be at risk. The tax preparer situation provides a broad lesson, though. Proactive monitoring solutions that keep a 24/7 eye on your computers and networks are just the first step in IT security. With the IRS cracking down on data security regulations, compliance is even more important — and more difficult to achieve.
Any successful security strategy must also focus on the human element. Here are five tips you and your employees can follow to keep everyone safe:
1) Keep an eye out for phishing scams. Does the layout of the email seem odd? Sender’s address look a little strange? Any blatant misspellings? Awkward phrases? This mental email assessment checklist can be completed in less than a minute, and although it might seem annoying, in today’s digital world, it’s necessary. If an email seems out of the blue or slightly off, there’s probably a reason why. Which is why it’s so important that you…
2) Don’t click ANY links or open ANY attachments in an email unless you know the sender and are expecting them. This is pretty self-explanatory — and not abiding by it is the most likely way to compromise a computer. Its importance cannot be understated.
3) Don’t use the same password for every account. The options here are infinite. You can manually make up variations on a long mix of numbers, letters, and special characters. You can use an online password manager to regularly change your logins (while you only have to remember one secure master password). You can employ two-factor authorization. Or you can give your company the highest level of protection with enterprise-grade password management solutions. The important thing is that you never use “password123” any more.
4) Browse the Internet safely. If you rely on a Wi-Fi network, make sure it’s password protected and not public. Any time you’re transmitting personal information online, look for “https” or the lock sign next to the web address in your browser. And please, don’t click on any of those ads or headlines that are too good (or ridiculous) to be true.
5) Treat your data with the respect it deserves. You take your responsibility to clients seriously — you should take their data seriously, as well. (And the IRS really wants to make sure you take their data seriously.)
Dallas Stewart is the owner and operator of CMIT Solutions in Bellevue, Kirkland and Redmond. He provides IT solutions to small and medium-sized businesses throughout the area. For more information, please visit www.cmitsolutions.com