David Arnold, Director of David Allen IT Solutions, gives expert guidance on avoiding a cyber-attack

Having the right technology in place is vital to protecting your business from cyber-attack, but all the technology in the world won’t matter if your team is not vigilant about cyber security. Security awareness tools can be a valuable asset to allow your business to test where it is most vulnerable, whilst giving your staff the training they need to be cyber aware. 

Social Engineering via Email 

The most common cyber attack against your team is social engineering via email. Historically, attackers would try to send malicious links and code designed to gain access to your systems, but with improvements to email filtering solutions and anti-virus, this has become much more difficult to execute successfully. As a result, malicious actors have turned their focus to manipulating users to get what they want. These kinds of emails are typically well written, with no links or attachments, and are sent from legitimate sources such as gmail.com or outlook.com, making them extremely hard to filter. 

Since it is likely that these social engineering emails will reach your team, there are some quick tips they can use to stay vigilant: 

  • Were you expecting this email? 
  • Does the tone of the email match the sender’s normal email style? 
  • Is this a normal type of request from the sender? 
  • Is there a sense of urgency to make you act now? 
  • Is there a request to move the conversation away from email, for example to WhatsApp? 
  • Is your corporate email signature on the email? 
  • If you reply to the email, does the To: box show the email address you are expecting? 

In addition to delivering training to help staff stay vigilant, businesses are also choosing to run their own social engineering campaigns on their teams to identify where vulnerabilities exist. By sending each user a fake email each month, the business can understand which departments may be most vulnerable, and the types of content which users get caught out by. They can then provide training to help improve those areas. As well as drastically reducing the risk of a successful cyber-attack, this approach helps the business comply with various cyber security accreditations and insurance requirements. 

QR Codes 

On top of the email threat, attackers are using the ever growing adoption of QR codes to launch attacks on unsuspecting users. Whether that is via email to confirm a login or putting a physical QR code somewhere, the attacker just needs a user to scan the code to start progressing their goals. A recent example of this is restaurants, who use QR codes to access their digital menus and ordering process. Attackers stuck their malicious QR codes over the restaurants', and diners scanned them, believing they were safe to use.  

 In conjunction with Indelible Data, we are offering a free Cyber Security seminar, at Barclays Eagle Labs, Whitehaven, on 22 March 2023. The seminar will cover this topic and more to protect your business. We will also be hosting a free Cyber Security webinar with BIPC Cumbria in March. Tickets to both events are available on the EventBrite website.