Don’t let the cyber attack come as a surprise

Attempts to attack information systems happen daily. Whether the attacker’s motive is money or the spreading of false information, preparedness can reduce the risk of the attack succeeding and minimise the harm to the target company.

Employees are the most important security factors in the company. That’s why we share professional tips concerning cyber attacks. They benefit every company and every employee.

1. Be critical

It’s a good idea to question your supervisor’s actions sometimes – especially if a message in their name requests you to make a monetary transfer past the normal process. One of the key security guarantors is a healthy, critical attitude to all messages, whether in an email, SMS, IM or pop-up. Sender addresses, telephone numbers and contact details can be falsified. Recently, a typical method of cheating has been to increase trust by quoting a previous message thread that has somehow leaked. In cases of doubt, the information should be verified with the sender, for example, by telephone.

Don’t hesitate to contact your service provider’s IT support. Mtech’s support serves our customers gladly and at a low threshold. Thanks to log data, knowledge of other similar cases and the general security situation, we are better equipped to resolve issues than an individual person.

2. Handle your credentials responsibly

Personal user names and passwords are, indeed, personal. They are not to be handed over to others, and reliable parties never ask for them. If you open a link sent to you in an email and are requested to enter your username and password, you should consider whether the request is appropriate. You can confirm this by asking your IT support.

Not many people love the current password jungle, but you have to live with it. To further increase our negative feelings, many of us remember the old recommendation to make your password as complex as possible. However, in today’s world of data security, there is a consensus towards focusing on length rather than complexity.

The passphrase may be long, but easy to remember. However, a good password is not found in the dictionary, because cracking passwords with the help of dictionaries is commonplace. It is also advisable to consider password management applications, which enable you to have long and complex passwords that you do not need to remember yourself. Please do not use the same passwords in different services!

Multi-factor authentication should be deployed whenever offered. Many apps offer a “remember me” feature that makes authentication easier. Using it on a personal computer is quite safe. However, not even multi-factor authentication is fully fool-proof: a typical attack method is to bombard the user with continuous authentication requests until they get so annoyed and tired that they approve the request. If you suspect such a situation, please do not approve the requests but contact your IT support!

3. Bear your share of responsibility for your device

The user plays an important role in the safety of their device. If you receive notifications of missing updates, non-functioning security software, or other defects, do not ignore them. However, you should also be cautious about such notifications: for example, a notification that appears in your browser may be a scam and not actually generated by the browser or app you’re using.

In a typical email scam, you receive an innocent-looking email containing a link, and by clicking on the link you end up on a page that prompts you to download a malware or enter your password. Opening an email or clicking a link does not usually cause any damage if the apps’ data security is up to date. Downloading the software behind the link or entering a password, however, will cause damage. Even though the device’s security functions will try to prevent it, they are probably unable to do so. The development of data security functions is usually a step behind the development of attacks. Often, the link leads you to a page where you find friendly, credible and functional instructions to disable some of the security features. You should never follow them.

4. Was the scam successful? You can still save the situation!

Accidents happen to everyone. Even data security specialists have publicly stated that they have been scammed. In this case, however, it is of paramount importance to report the damage to IT support immediately. Banks have means to prevent international transfers, as long as they are informed of the fraud in good time. A leaked password rarely causes any concrete damage if you change it immediately. A malware that encrypts information may not be able to do much damage if it is addressed immediately.

Remember to also keep your backup storage up to date and secure! We offer easy and secure solutions for backing up your company’s data.

It is good to understand the attackers’ intentions also, so our previous blog post is also worth reading.

About the author

Image of: Teemu Pulliainen

Teemu Pulliainen

System expert
Mtech Digital Solutions Oy