The start of the year holds the promise of new beginnings for everyone — including cybercriminals. Here are some of the top new threats your business must watch out for in 2020:
Smishing
Also known as SMS phishing, smishing is any attempt by someone (a smisher) to trick another into giving the latter’s private information to the former via text or SMS message. The smisher might claim to be someone you know, and that they’re only borrowing another person’s phone or using a brand new number. They might pose to be a bank representative or an agent for telecom or other popular services. For example, they’ll claim via text that charges are going to be made to your credit card every day to pay for a particular service, and, to verify the transaction, you’ll have to open the link they provided, log in, and review your account. However, the login page is fake and designed to steal your access credentials.
Whoever they pretend to be, their goal is to obtain credentials like online passwords as well as identifiers such as your Social Security number. Once the smisher has what they need to pass as you, they can hijack your business accounts or create new ones under your name.
To avoid getting smished, observe the following guidelines:
- Never tap links in SMS messages unless it’s from someone you know and that someone verifies that they indeed intended to send you that link.
- If you’re already using a full-service internet security service, apply it to your mobile devices as well.
- Use a virtual private network (VPN) to keep all communications between your phone and the internet safe from interception by hackers.
- Don’t install apps from SMS messages — download these straight from official app stores.
Infiltration via collaboration platforms
Instant messengers (e.g., Slack and Telegram) and cloud drives (e.g., Google Drive and Microsoft OneDrive) make sharing and collaborating on files so much easier as compared to wading through excruciatingly long email threads. Using these new tools is spiking upwards fast, with adoption rates signalling high levels of trust among users. This trust is what cybercriminals will take advantage of to infiltrate cloud networks.
In fact, certain types of ransomware are now being used to lock users out of shared files and drive folders. These bring collaboration efforts among teams and between staff and other stakeholders to a screeching halt unless a ransom is paid.
Malware-infested personal devices
You may have the latest antivirus programs and security monitoring protocols in place for your IT network, but if you are lax with your bring your own device (BYOD) policy, then you’re leaving your company vulnerable to attacks from within your firewalls.
Managers and business owners permit personnel to use their own personal devices for work because these contribute to productivity — and no one wants to put a damper on that. This makes personal devices the perfect Trojan horses for bypassing defences. Attackers won’t even have to target corporate accounts now. They can just inject popular websites with malware-carrying ads and proliferate malicious links via social media and personal emails to infect personal smartphones. And since the average user does not normally take extra measures to protect their device against infection, they tend to carry the malware all the way to your corporate network.
To address this, you need to implement strict security protocols before allowing a BYOD policy. You can use mobile device management (MDM) as well as identity and access management (IAM) tools to keep everyone in line when it comes to using personal devices for work. Any less will open your company to cyberthreats that’ll cost you far more than the productivity gained from your BYOD policy.
Be ready for 2020. Talk to our cybersecurity specialists at [company_short] to learn what your organisation needs to do to defend itself against the latest cyberthreats.