In today’s digital era, where payments and messages are just a few clicks away, our vulnerability to cyber threats has never been more apparent. Coupled with the Singapore government’s push for more companies to move towards digitalisation, the risks of falling prey to cybercriminals have since escalated greatly too.
Cybercriminals could exploit not just your business finances, but also gain illegal access to confidential and valuable information such as financial statements, personal salary details and even trade secrets.
Given such potential risks, it is important for us to understand how to safeguard ourselves against digital threats in our workplace.
Financial Motivation: Seeking monetary benefits through activities such as, stealing credit card information, making fraudulent transactions or using ransom attempts.
Personal Grudges: Settling personal grudges by targeting individuals or institutions.
Corporate Sabotage: Gathering sensitive business information, trade secrets or intellectual property so as to benefit competitors or to sell for monetary gains.
Let us find out the methods that cybercriminals commonly use to steal our data.
1. Social Engineering
Social engineering involves exploiting trust to deceive someone. For instance, you might receive a call from someone who claimed to be your company’s HR, asking for your financial details in order to give you a bonus. How should you respond to such scenarios? Let us explore common attacks and how we could prevent them:
Pretexting/ Phishing/ Vishing/ Spear Phishing
- Type of Attack: Generally known for fraudulent attempts to obtain information by posing as a trustworthy entity.
- Example: A cybercriminal posing as an IT support agent emails, texts, or calls an employee, claiming that there's an urgent need for their login credentials to address a system issue.
- How to Prevent: Be skeptical of unexpected emails or messages and always verify the source before performing any further actions. Additionally, you could also subscribe to web protection through cybersecurity software such as K-Shield to block phishing links.
Dumpster Diving
- Type of Attack: Searching trash for valuable information.
- Example: A person searches through discarded paperwork in the company's trash, finding documents with sensitive client information.
- How to Prevent: Shred sensitive documents, and ensure digital devices have their information wiped clean before disposal.
Identity Theft
- Type of Attack: Unauthorised use of personal information for fraudulent activities.
- Example: A cybercriminal gains access to an employee's personal details online and uses them to create a fake online account, making unauthorised purchases.
- How to Prevent: Safeguard documents and shred sensitive paperwork. Regularly monitor bank statements and credit reports.
Baiting
- Type of Attack: Offering enticing items to trick individuals into disclosing information.
- Example: You find a website that lets you install free apps on your computer, thereby unknowingly installing malware and releasing company information to the cybercriminal.
- How to Prevent: Avoid downloading from untrusted sources and be cautious of too-good-to-be-true offers.
2. DEVICE THREATS
All of us are heavily reliant on devices such as laptops, tablets and mobile phones. These devices make it convenient for us to store information, such as multiple credit cards or passwords. However, such convenience provides an easy target for cybercriminals. Let us explore the possible device threats that you might encounter:
Risks of Using Personal Devices for Work:
Using your personal device for work purposes poses a risk. In the event of a security breach, you stand to lose both your personal and work data. To minimise these risks, consider keeping personal and work information on separate devices or introduce additional security measures like two-factor authentication (2FA) on your devices.
Bluetooth Vulnerabilities:
Bluetooth is vulnerable to exploits such as bluejacking (unsolicited messages), bluesnarfing (information copying), bluebugging (full control for unauthorised calls) and bluesmacking (Denial of Service). Before connecting to a bluetooth device in public, always ensure that you are connecting to a trusted device.
Public Wi-Fi Risks:
Public Wi-Fi presents security risks like eavesdropping and data interception, potentially exposing sensitive information to threats, such as online ransom and identity theft. For example, when working at a coffee shop with free Wi-Fi, avoid using the Wi-Fi to protect the privacy and your data.
3. Software Threats
Knowing which tools to use to defend yourself against such cybersecurity risks is essential to having a secure device system. The software tools mentioned below are designed to detect and prevent potential threats, ensuring the security of your data.
Anti-virus Software:
The most common add-on tool that detects and removes malicious software, ensuring files and email attachments are secure. An example is K-Shield which scans your device daily to prevent unwanted intrusion.
Firewall:
A setting that controls network traffic, acting as a barrier against unauthorised access. It is a good control against attacks, such as suspicious links from phishing emails.
Pop-up Blockers:
This add-on tool helps to prevent intrusive ads, reduce distractions and avoids potential malware sources from websites that you might visit. This helps in mitigating the risk of inadvertently downloading harmful software.
Anti-spam Software:
This add-on tool helps to filter unwanted emails, minimising phishing risks and ensuring secure communication between staff.
Keeping Yourself Safe
In conclusion, safeguarding against cyberattacks involves adopting multiple approaches.
Firstly, ensure that you stay informed about new and existing social engineering attacks. Secondly, protect your devices in public spaces where cybercriminals might easily target them. Finally, use software tools and settings to add an additional layer of protection against cyberattacks.
Contact us at 6515 7906 or enquiry@361dc.com to learn how you could start improving your cybersecurity now!
