Jaclyn McRae 19 January 2017 11:03:29 AEDT 4 MIN READ

Watch a single click become a company-wide catastrophe

It’s lunchtime, but Stephen is behind after the holiday break. He grabs a sandwich, returns to his desk, has a quick browse of Facebook and checks his personal email before getting back to his to-do list.

A friend has asked him to review a document in Dropbox. Stephen is curious. He clicks the link. He’s greeted by a pop-up: Pay up if you want your files released.

Unknowingly, he has unleashed ransomware on his computer. Even worse: it has infected his company network. The $5000 ransom fee is the least of his worries.

Just like that, a single private email link has become a company-wide catastrophe.

Pick a door: The many ways hackers can break in

Today, it’s easier than ever for hackers to infiltrate a business. Companies worldwide are grappling with a huge headache: the ease of entry for cybercriminals.

A mammoth 91% of all hacks begin with an email. And 23% of people are known to click phishing links.

It’s a tantalising prospect for hackers. They know the havoc they can cause by tricking a single staff member: it might be access to critical hospital medical records, private customer information, or lucrative credit card details. On the black market, this information commands a high price.

Cyber attacks commonly arrive via email in the form of phishing, but malware and ransomware are now being delivered in creative new ways. They might be buried in an ad on a website, or a fake news story shared on Facebook. Any device is a target.

How the modern way of working plays into hackers’ hands

Today, we work differently. People no longer commute to the office and perch at a desk from 9am to 5pm.

Flexible hours, working from home or other remote locations, job-sharing, and a growing requirement to be available around the clock mean people need constant access to technology.

They access their work email on their personal phone, or check personal emails and social media on work devices.

Unwittingly, they’re making the workplace – and its customers – vulnerable to attack. Now, when a personal email account is breached, it has wide-ranging implications.

Isn’t cybersecurity an IT issue, rather than an individual concern?

Unfortunately, it is not. Worldwide spending on cybersecurity is projected to exceed $1 trillion cumulatively in the five years to 2021, Cybersecurity Ventures predicts. Yet cyber breaches are happening more than ever.

Why? Scammers’ tactics evolve and improve. The most successful methods, such as spear-phishing, can be hardest to detect. Last year a Snapchat employee accidentally released private payroll information after falling victim to a scammer who impersonated company CEO Evan Spiegel in a ploy known as whaling.

Toy manufacturer Mattel wired $3m to a Chinese bank after a criminal impersonated the CEO to request the transfer. The money was never recovered.

The costs of cybercrime go far beyond financial. Productivity implications, restoration costs, reputational harm, loss of IP and legal ramifications are just some of the risks.

How does a company protect itself while maintaining employees’ privacy?

  • A solid ‘Bring Your Own Device’ (BYOD) policy. For advice, see How to write a BYOD policy that doesn’t compromise your business security.
  • Educate all staff about the dangers of poor cybersecurity practices, and the risks of downloading potentially dangerous files.
  • Apply rules for sensitive data. Some workplaces prohibit staff from sharing spreadsheet documents with external email addresses, for example.
  • Have a clear reporting process in the event of a possible breach.
  • Use real-time cybersecurity protection for email and web, such as MailGuard and WebGuard. For a few dollars per staff member per month, MailGuard's cloud-based email and web filtering will significantly enhance your business security.

Need to know more?

Interested in discussing your company’s security? Contact one of MailGuard’s cybersecurity experts: expert@mailguard.com.au.

For media inquiries, or to interview a cybersecurity expert, contact Jaclyn McRae: jaclynm@mailguard.com.au.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
