Cyber Security Sasfin

 

Unfortunately, cyber criminals are taking advantage of this, and businesses have therefore been urged to make cyber security even more of a priority than it was before. It’s not only up to companies to take cyber security seriously, though: individuals need to educate themselves and be aware that they are all likely targets for cyber attackers, whether it’s their personal data or their finances which are at risk.

 

A common misconception about cyber attackers is that they use sophisticated tools and techniques to hack into someone’s computer, devices or accounts. Actually, these fraudsters have learnt that the easiest way to steal a person’s information or infect their systems is by simply misleading them into doing it for them – and for this they use a technique called social engineering.

What is social engineering?

Social engineering is when an attacker tricks a person into doing something through various manipulation techniques. Think of them as modern-day con artists, because today’s technology makes it considerably easier for any cyber attacker, from anywhere in the world, to pretend to be anything or anyone they want.

Social engineering attacks are not limited to phone calls or email; they can happen in any form, including WhatsApp, text message, over social media, or even in person. The key is to know what clues to look out for.

Common clues of a social engineering attack

If something seems suspicious or doesn’t feel quite right, it may be an attack. The most common clues include:

  • A sense of urgency or crisis. The attackers are attempting to rush you into making a mistake.
  • Pressure to bypass or ignore security policies or procedures you’re expected to follow at work.
  • Requests for sensitive information they should not have access to, or should already know, such as your account numbers or company login details.
  • A generic salutation like “Dear Customer.” Most companies or friends contacting you will address you by your name.
  • An email or message from a friend or co-worker that you know, but the message doesn’t sound like them. Perhaps the wording is unusual, or the signature is incorrect, or they’re using a personal email address.
  • The message states it comes from an official organisation, but has poor grammar or spelling, or uses a personal or different email address.
  • The message comes from an official email address (such as your boss’s) but has a “Reply-To” address going to someone’s personal email account. Always check the email address closely.
  • Playing on your curiosity or something too good to be true. For example, an email saying you’ve won a prize in a competition that you never entered, or that you’re due an unexpected refund.

If you suspect someone is trying to trick you, keep a copy of the communication for your records but do not communicate with the person.
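
Several of the clues above can be checked mechanically on a saved copy of a message. The following Python code is an added example, not part of the original article: it flags a “Reply-To” domain that differs from the sender’s, urgent wording, a generic salutation and requests for sensitive details. The phrase lists, function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Phrase lists are constructed for illustration; tune them for real mail.
PATTERNS = {
    "urgency": re.compile(r"\b(urgent|immediately|right away|act now)\b", re.I),
    "generic-salutation": re.compile(r"^\s*dear (customer|user|client|member)\b", re.I | re.M),
    "sensitive-request": re.compile(r"\b(password|login details|account number)s?\b", re.I),
}

def domain(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def body_text(msg):
    """Concatenate the text/plain parts (decoded as UTF-8, a simplification)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)

def clues(raw_email):
    """Return the names of the clues present in one raw email message."""
    msg = message_from_string(raw_email)
    found = []
    reply_to = domain(msg.get("Reply-To"))
    # Replies routed to a different domain than the visible sender's.
    if reply_to and reply_to != domain(msg.get("From")):
        found.append("reply-to-mismatch")
    text = f"{msg.get('Subject', '')}\n{body_text(msg)}"
    found += [name for name, rx in PATTERNS.items() if rx.search(text)]
    return found

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Your Manager" <manager@example.com>
Reply-To: manager.private@example.net
Subject: Urgent: payment needed today

Dear Customer,
Please send your login details immediately so the payment is not delayed.
"""
BENIGN = """\
From: Colleague <colleague@example.com>
Subject: Minutes from Monday

Hi Sam,
Attached are the notes from our meeting.
"""
```

A flag here is a reason to verify the sender through another channel, not proof of an attack; some legitimate mailing lists also set a different “Reply-To” address.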

What Is Phishing?

Phishing is a form of social engineering, where an attacker uses email or a messaging service to deceive you into taking an action that you should not take, such as clicking on a malicious link, sharing your password, or opening an infected email attachment. Cyber attackers work hard to make these messages convincing and tap into your emotional triggers, such as fear, urgency, curiosity or flattery. They make the message look as if it came from someone you know, such as a friend or a trusted company you frequently use. They could even add logos of your bank or forge the email address to ensure the message appears more legitimate.

There are two major types of cyber attackers to be aware of:

  • Cyber criminals: They want to make as much money as possible, by stealing from your bank or retirement accounts, creating a credit card in your name and spending your money, or hacking your social media or gaming accounts and selling them to other criminals.
  • Targeted attackers: These are highly trained cyber attackers, often working for governments, criminal syndicates, or competitors targeting you at work. The information you handle at work may have tremendous value to different companies or governments, even though it may not seem obvious to you.

If you are at all suspicious of a message, call the sender to verify who sent it. It is easy for a cyber attacker to create a fake online message that appears to be from a friend or co-worker; that’s why it’s so important to pick up the phone and check.

Cybercrime is only going to rise, as the world embraces all things digital and the 4th industrial revolution. That’s why it’s important that you’re aware of the risks you face, so you can protect both your interests and your finances.

About the Author

Maston Lane
Group and Bank Chief Operating Officer, Sasfin Group
