Black Friday (24 November 2017) is marked with a flurry of online activity, which cybercriminals see as an opportunity to target victims using spear-phishing and malicious attachments harbouring ransomware.
Heino Gevers, customer experience manager at Mimecast, explains the sudden peak of year-end cybercrime: “Cybercriminals can use Black Friday to sneak into business systems unnoticed or activate malware, via unsuspecting consumers within an organisation.
“Employees will be hitting the digital malls on business devices and over business networks. They’ll click on dozens of marketing emails advertising ‘not-to-be-missed’ specials, increasing the likelihood of a successful phishing attack on an accidental malware download.”
A recent study by Mimecast and Vanson Bourne shows that 58% of organisations in South Africa saw an increase in untargeted phishing over the last year, while 53% noticed an increase in spear-phishing (malicious links targeted at an individual or organisation). Additionally, a third (32%) of organisations had sensitive data sent via email, by an employee, in response to a phishing attack. And Black Friday is peak phishing season, as marketing emails — legitimate and otherwise — flood inboxes.
Mimecast offers a few simple rules to make users more secure and more cyber-resilient:
* Employee training is your first line of defence – As hacking methods advance, a cursory look at an email address or website URL is simply not enough to ensure authenticity. Cleverly designed duplicate websites and often-unnoticed website redirects could see employees inadvertently handing over access to your organisation’s data or systems. It’s essential that businesses train employees on email-safety best practices and how to approach suspicious emails with a particularly critical eye.
* A multi-layered security approach is key – According to Gevers: “One of the best ways to keep businesses secure is layering of security. Start off with good firewalls, which should always be your first line of defence against a breach of your network, then add extra layers to email and the websites and apps your business uses. This layered approach makes the overall experience more secure for both vendor and customer.”
* Reliable data recovery is your best bargaining chip – Ransomware is fast becoming the most common and damaging form of cyberattack. But your attackers will have little bargaining power if they are unable to separate you from your data permanently. That’s why a secure and reliable archive is your best chance of tipping the scales in your favour. An always-available archive allows you to restore your data should disaster strike.
* Stay online no matter what – It’s not only the data or monetary loss that you need to consider; downtime could also cost you productivity and potentially customers and revenue. Be prepared to switch quickly and seamlessly to an available service should a cyber-attack cause downtime. A continuity solution allows access to everyday tools, like Microsoft Outlook or G Suite by Google Cloud, in the event of an outage. If PCs or the broader network are affected, it’s useful to be able to access email through the web or mobile continuity apps.