In the process of developing Threat Evolution – Magenta Security’s new specialist cyber security division – our company has learned an entirely new set of terminology to identify, describe and combat the many threats that lurk in the virtual business environment.
While years of preparation and education have made the language of cyber security second nature to us, we have realised through conversations with clients that many in the business world find themselves befuddled by the lingo, putting them at a tremendous disadvantage when it comes to implementing cyber security measures.
Below, you’ll find three common cyber security terms, what they mean and some introductory information on how these virtual threats can be prevented.
Phishing is the use of an email that appears to be from a legitimate source but is in fact an attempt to entice the recipient into sharing valuable information or installing malware (malicious software). Typically, the recipient will be encouraged to follow a link that takes them to a website where the actual scam or malware infection takes place.
Some phishing schemes are deliberately obvious about their intentions because they target the most vulnerable, who are the most likely to be fooled into compromising themselves, but many are complex, professionally designed schemes built to trick higher-value individuals and organisations.
For example, a phishing email can be designed to look identical to an email from a service provider or an internal company email, right down to a sender email address that, at a glance, looks legitimate. The links within may take the recipient to an equally legitimate-looking website.
Education is the most effective tool for preventing phishing schemes. All staff should receive mandatory training on how to identify a phishing email and be provided with a reporting process to alert the company to any suspicious communications.
Ransomware is software that threatens or obstructs an individual or organisation in order to extract payment – an old-fashioned ransom given a 21st-century coat of paint. Payments are typically delivered via cryptocurrency, making it incredibly difficult to identify the perpetrators.
Threats usually take the form of publishing compromising information about the individual or organisation, while obstruction involves shutting down virtual systems so that business as usual is impossible. It is often more costly to remove ransomware than simply pay the ransom, so ransomware prevention focuses on stopping the software from being installed in the first place.
Ransomware is most often spread via phishing schemes, so preventing phishing is step one to preventing ransomware. On top of that, you should make sure that software cannot be installed on work computers without approval from a systems administrator.
A data leak is when valuable data is stolen and shared – often publicly – in order to facilitate identity theft and fraud via user login information or to damage the victim directly by revealing sensitive information. The leak can be for its own sake or used as a threat in a ransomware attack.
To prevent a data leak, you must ensure that all sensitive information – especially that of clients – is stored securely with access to it strictly managed. While data leaks often occur as a result of phishing schemes or ransomware attacks, they can also result from disgruntled ex-employees who still have access to their business accounts.
You may want to consider cloud or server solutions for your data storage so that no sensitive files are stored locally, making them more difficult to access. If local storage is necessary for your business, ensure that all files and all network activity are protected by up-to-date encryption software and all users are trained in data loss prevention strategies.
At Magenta Security, we offer protection from all the above and more via Threat Evolution, our new specialist cyber security division. To learn more, call our specialist cyber security team on 0333 090 8340 today.
Magenta Security provide award-winning security services throughout the UK. We are in the top 5% of ACS approved contractors and were the first security company in Europe to be awarded ISO 14001 for our environmental management systems.