Everyone knows what a cyber attack is. After all, we constantly hear about data breaches and cybersecurity threats in the news. But how do hackers actually execute these attacks?
In this video and corresponding blog post, Security Architect Sean Jacobs explains just how easy it is for hackers to gain entry into most businesses—plus how you can make strides towards protecting yours.
Why is it so Easy for Hackers to Gain Entry Into Many Businesses?
There’s a saying that your employees are the frontline of your cyber defense. This couldn’t be more true! Because employees are the core of any business, they’re often the main target for cyber criminals—and since many employees simply aren’t aware of cyber security threats and best practices for avoiding them, that makes for a pretty easy target. So, making sure your employees are up-to-date with cyber security knowledge, trained to recognize threats, and know how to actually avoid them is essential.
Common Ways Hackers Gain Entry Into Businesses
Sean Jacobs says the most common cyber threat businesses see is credential harvesting, also referred to as phishing attacks. In fact, Verizon’s 2019 Data Breach Investigations Report shows that nearly one third of the data breaches in 2018 involved phishing activity. This threat is so common because it’s easy for hackers to execute (they can use bots that send out thousands of phishing emails at a time) and even easier for employees to fall for.
What is Credential Harvesting?
Credential harvesting is a type of fraud in which a hacker attempts to gather personal information or login credentials by impersonating a legitimate brand and sending users to a malicious website through an illegitimate link. When a user clicks on that link and logs into their account, they’re essentially handing their password over to the bad guys.
What Happens After Credentials Have Been Harvested?
Once one of your employees clicks a malicious link and enters their login credentials, the hacker will then have access to everything in those accounts. This includes their contacts, documents, files, etc.
If it’s an email account, many hackers will also set up a rule that forwards all of the emails somewhere else. This means they are “harvesting” all of the emails that are coming to that user. Hackers will wait for an email with information they can actually act on, such as login credentials to another account or confidential business data.
What is an Example of Credential Harvesting?
A common example of credential harvesting is the Office 365 phishing attack. A hacker will send an email to one of your employees that appears to be from Microsoft, asking them to log in to their Office 365 account. When they click on the link in the email, it takes them to a fake Office 365 login page. Once they login, their credentials are harvested.
These attacks are so easy to fall for because they’ll have Microsoft branding and logos that look incredibly realistic both in the email and on the phishing page. So, an untrained employee won’t be able to recognize the email as a phishing attempt.
How Can Your Prevent Hackers from Infiltrating Your Organization Through Credential Harvesting?
What can you do to prevent credential harvesting and phishing attacks in your own organization? Educating your employees is a key component.
First, train your employees on what phishing attacks are and how to identify them. This should be a continuous process, not just a one-time training. Hackers and their methods are always evolving, which means your employees will need regular training to up-to-date on the latest threats.
You should also put a clear system in place for how to report attacks when they happen. Simply deleting the email is not the solution—IT needs to know that your company is being targeted. So, make sure your employees know that they need to contact your IT department immediately if they receive a suspicious email. Then, IT can look into the threat and take appropriate action.
Employees should also receive on-the-fly training if an attack or breach actually does occur. If an employee clicks on a phishing link, they should receive immediate feedback and additional training. Review the fraudulent email with them, show them the red flags that they missed, and provide additional training to help them avoid falling for the same kind of attack in the future.
Protect Your Business from Credential Harvesting with Microsoft Hardware and Software!
Business security should always be one of your top priorities, especially in today’s digitally-driven world where cyber threats are a daily occurrence. Luckily, your business can combat these security threats by leveraging the right Microsoft tools and technology.
For example, the Microsoft Surface family of devices come equipped with security features that are robust and incredibly valuable to your business. When using a Microsoft Surface device with built-in LTE, employees working remotely or on-the-go can avoid having to connect to public Wi-Fi networks altogether. This keeps your data more secure and makes it possible to avoid “man-in-the-middle” attacks.
Surface devices also come equipped with a built-in firewall, anti-malware solution, and automatic updates. This means your team members will have access to the newest Teams and Office 365 security features on their Surface devices—as soon as they are rolled out.
When using Office 365 for Business on a Surface device, it also includes multi-factor authentication. This can be used to provide another layer of security to usernames and passwords that can be so easily compromised. This tier also includes phishing email protection in the Outlook tool! So, in order to have access to enhanced security measures for your Surface devices, you should strongly consider upgrading to a higher tier of Office 365 software if you're currently utilizing a more basic plan.
As a Microsoft Certified Partner, our goal at Protected Trust is to create a transformative solution for your business with the help of Microsoft’s tools and vision. That includes protecting your information from unauthorized access! Our team is always here to help you craft a cybersecurity plan, then effectively carry it out using Microsoft hardware and software.
Ready to transform the way your business protects its confidential data? Contact us today!