Phishing, malware and online pop-ups: 8 major technology security risks for your business
Technology has spawned numerous security risks such as phishing, social engineering and pretexting. Knowing about these risks is already half the battle when trying to avoid them.
Here is a list of the most common technology security risks you need to avoid.
Phishing is the use of fraudulent emails or phone calls to get sensitive information, such as bank account numbers, credit card information or passwords. Here is how it works:
- If you’ve ever gotten an email that says your account has been locked or that irregular activity was detected in your account, you may have been the target of a phishing attempt. These messages typically include a link to what appears to be a legitimate website where you’re asked to give account information or download malware (see more on that below).
- A phishing email or phone call may ask you to call a number to discuss a problem with your account. You might then be asked to reveal account details over the phone.
Phishing is a type of social engineering, which is an attack that uses misrepresentation to get sensitive information.
Pretexting involves the creation of a fake identity or scenario to fool a person into disclosing information.
For example, a fraudster may email or call your company claiming to be a supplier, survey firm, municipal inspector or insurance company to get sensitive data. A pretext attacker could also pose as a computer technician responding to a call for service to access your network.
Fraudsters may ask for little bits of information that don’t raise red flags, but over time, bit by bit, they’re trying to build a profile that could let them steal your identity.
Malicious software (or “malware”) is any software that has a harmful intent. It may steal or corrupt your business information, cause systems to fail or secretly record your computer activity. Malware typically infects a computer following a phishing attack or an employee accidentally downloading infected files.
Ransomware is software that blocks access to computers or files until a ransom is paid. In May 2017, a massive ransomware attack affected more than 100,000 organizations in at least 150 countries, costing billions of dollars.
A computer virus is another example of malware. This is a program designed to replicate through the Internet, damaging programs, deleting files or tying up system resources.
4. Online pop-ups
Malware can infect computers through a “pop-up” that appears while you’re browsing the Internet. A pop-up is a window that opens when you visit a website.
Most pop-ups are legitimate, but in some cases clicking on them can initiate a download of ransomware or a virus.
Pop-ups, for example, may claim your computer is infected with a virus. It will tell you that you need to download software to clean your system. That software will in fact be malware or a virus.
A twist on this ruse: A pop-up claiming to be from your Internet service provider says your computer has a virus and invites you to call a service number to deal with the problem. You may then be asked to provide identifying information or your credit card number.
5. Outsourced IT services
While many cloud service providers have good Internet security, not all of them do. You can be at risk if the provider has poor security, leaving your data vulnerable to an attack.
Depending on your agreement with the provider, their liability may be limited to your monthly fee and may not cover business interruption losses. If the provider suffers an attack, you may also be liable for compromises of customer data.
Businesses face similar risks if they contract outside technicians to service their IT needs. You could be vulnerable if IT personnel have poor training or don’t follow best practices.
6. Wifi and remote work
A poorly secured wifi system can leave your business vulnerable to a hacker within range of your network. A hacker could gain sensitive information, damage your systems or install ransomware.
If you access your business network remotely through an unsecure server, others could see your traffic and access your system. In a public area, you can be at risk if you go online through a “spoofed” Internet server—one set up to appear to be a legitimate wifi connection. Accessing the Internet via such a machine gives an attacker access to your system and possibly your business network.
Also be alert when working outside the office. Information can be compromised if you’re working on a train or plane or in a café, allowing a stranger to read what’s on your screen.
Badly chosen employee passwords can increase your company’s exposure to security risks. Many problems occur when employees choose passwords that are easily guessed by unauthorized people.
8. Old equipment
Disposing of old devices improperly can hand someone else all your business information. If information is very sensitive, deleting data or formatting the hard drive isn’t enough. You may want to go as far as physically destroying the computer or hiring an expert to do so.
Take action: Learn what you can do to prepare for IT risks.