Welcome to Cyber Clues!
Who let the malware into the office?
You may be wondering why the location makes a difference to how a cyber criminal could break into the office network. After all, how could being in a different room make your device or network more or less secure?
Surprisingly, location plays a big role in cyber security, with some places being notorious for weak security or common hacking tactics.
The office isn’t huge – 8 main departments but there’s also the coffee shop across the road that’s a firm favourite with lots of the employees.
CEO email fraud is a particular concern, especially where corporate communications policies are concerned. Phishing scams come in many forms, from spear-phishing (targeting a specific individual) to executive 'whaling', which relies on impersonation of top executives.
What does marketing have to do with this? Fraudsters can gain an incredible wealth of information to leverage against your company (including who your superiors and colleagues are) from corporate websites or social media profiles like LinkedIn and Twitter, so be careful about what you share about executives' habits or schedules. Be discerning about who you accept as a connection on company or executive accounts, particularly if it comes without an introduction.
Kitchen & Chill out Zone
Social engineering has increasingly crossed boundaries between work and the rest of life, leveraging your employees' emotions to gain trust and access. Research suggests that the top emotional motivators behind successful phishes are entertainment, social, and reward or recognition.
This means that 'consumer scams' targeting employees personally while on the job have increased in frequency. This makes office common areas like the kitchen or chill out zone places where people let their guard down for a few minutes to scroll online. The lines can become blurry when employees are using personal devices for work or checking their social or news notifications whilst taking a break. Research by ESG suggests that 67% of small businesses allow employees to use any endpoint device they own (tablet, mobile, laptop, etc.) for work purposes. Improving endpoint device security is one way to combat this shift in phishing tactics.
Reception & The Coffee Shop
42% of retailers cite in-store Wi-Fi technology as posing their greatest security risk. That's where a benign place like a coffee shop (often used for flexible and remote working) can become an avenue for cyber criminals right into your network.
Unsecured Wi-Fi connections are a significant threat to your cyber security. Attacks can come from even the simplest things, like outdated security protocols and weak passcodes. Once they're connected, hackers can plant malware and 'eavesdrop' on your activity or files. Another tactic is to create a rogue hotspot through a foreign access point that mimics the public network in the coffee shop or business. Once a user logs in to the false AP, malicious code can be planted on their device.
Additionally, employees who are in the habit of sharing your office Wi-Fi code are putting your secure data at risk. Make sure your network passcode is changed frequently and kept confidential. Employ network segmentation to keep the most critical data separate, private and secure.
Email phishing scams are another major threat in the accounts department, because they hold the proverbial purse strings!
That's where advanced Email Security Solutions from our partners like Mimecast and the Email Laundry are an excellent choice for verifying attachments, identifying fraudulent senders and protecting your network from these advanced phishing scams.
Overall, we encourage businesses to focus on creating a secure IT infrastructure with superior firewalls, cloud-based two factor authentication and endpoint security for every device that connects to their network. All of these services can be seamlessly integrated and supported with 24/7 threat monitoring.