Protecting your business from phishing and ransomware

Tech Pointers

As a business owner, you know that Information Technology (IT) is critical. This article discusses major threats to your business from the IT perspective — phishing and ransomware attacks, for example — and explains how you can safeguard your business against them. 

Phishing. In phishing attacks, cybercriminals generally send a web link disguised to look genuine. For example, an email may be sent to you that looks as though it came from your bank or the IRS announcing a tax refund that your business is eligible to receive. You may be asked to log into your bank account or a fake IRS site and enter your bank details. The cybercriminals will have access to any details you share and later use it to clear out your bank account. Phishing links may also lead to clone websites. Clone websites, as the name suggests, are websites that look strikingly like original websites.

Here are a few tips to help you identify clone websites and steer clear of them: If you receive an email with a link to a familiar website asking you to log into the site or enter your personal information, cross check the URL. Check the spelling and domain, for example, amazon.com is the right URL, whereas a clone website may have a similar one such as amaazon.com or amazon-offer.com. Another thing you can do: always type the URL you intend to visit. For example, type your bank’s website address instead of clicking on the link provided to your email. 

Ransomware and other malware attacks. Cybercriminals also deploy various malware such as viruses, worms and trojan horses to attack IT networks. These malware usually enter the system disguised as genuine email attachments, links to file downloads, etc. and then corrupt the data. In the case of ransomware, as the name suggests, the malware attack goes beyond data corruption and the cybercriminals hold the data hostage and demand a ransom from the business for restoring data access. 

Take the Colonial Pipeline ransomware attack from a year ago as an example. While malware and phishing attacks have evolved over time and are constantly becoming more and more sophisticated, there are ways to protect your data from them. Here are a few best practices to follow that can help safeguard your business:

1. Install a strong firewall.

A firewall can help prevent unauthorized access to your network by monitoring access attempts and allowing or rejecting them. Firewalls are flexible in the sense that you can choose how stringent or lenient you want it to be in terms of limiting access. There are different kinds of firewalls, each serving a particular purpose and offering different protection levels. Firewalls basically work to block unauthorized traffic to your network based on various factors including Internet Protocol (IP) address, location and any other custom parameters you may choose. Without a good firewall, your network is essentially open like a soccer team without a goalie, exposed to anyone on the web, which puts you at serious risk.

2. Invest in antivirus software.

Antivirus software programs identify viruses and other malicious attachments cybercriminals may use to enter your system or network. Make sure you invest in a good end-point security platform that employs behavioral Artificial Intelligence (AI) technology to recognize malicious actions and patterns.

3. Implement backup and disaster recovery plan.

Leading business consultants stress the importance of having an up-to-date disaster recovery plan in place and consider it a part of the best practices for running a business. A business without a disaster recovery plan is actually just one mishap away from permanent shutdown.

While all the actions discussed above are important and you can’t afford to ignore them, it can be difficult to keep up with them and perform them consistently, especially when you have a business to run and are caught up in day-to-day operations. It makes sense in such a scenario to bring an experienced Managed Services Provider (MSP) on board who can help you with data security, training and general upkeep and maintenance of your IT infrastructure. 

About Peter Johns 7 Articles
Peter Johns is director of business development for Empower Information Systems, Inc., an information technology MSP offering businesses comprehensive technology services and consulting. Johns can be reached at 757-273-9399 (w), 757-871-5662 (c) or pjohns@empoweris.com. Visit Empower Information Systems at www.empoweris.com.

Be the first to comment

Leave a Reply

Your email address will not be published.


*