Usherwood Blog | Usherwood Office Technology

The 3 most common cyber threats for businesses in 2021:

Written by Sarah Goltz, Content Manager | Dec 6, 2021 5:00:00 AM

Companies are being impacted by data breaches and other cyber threats more and more frequently. Why does it seem like it’s getting worse? Well, as technology becomes more advanced, so do the tactics used by network infiltrators. Suspicious emails, deceptive advertisements, and malicious downloads are becoming very hard to detect by the untrained eye. 

As a managed service provider, we are constantly training on new tactics and recognizing security threats. We use this information to help mitigate our clients’ risk of undergoing a cyber attack that could compromise their business. Some of the most common cyber threats that are taking place in 2021 are: 

  • Phishing
  • Ransomware
  • Malvertising

The best way to avoid cyber threats is to understand them. In this article, we will help you become more knowledgeable on the most common cyber threats affecting companies worldwide and how you can protect your business from these threats. 

  1. What is a phishing attack?  

Phishing is the act of sending out a deceptive email or using fraudulent website links with the intent that a user will click on it, allowing the hacker to gain access to company or personal information. Their main goal is to obtain login credentials, financial information, or any other sensitive data. 

 

The hacker will typically try to appear as a reputable company or familiar contact when they send out a phishing email so that they can pose as a legitimate source.  

 

How to protect against phishing 

One way to prevent your employees from falling for phishing scams is to have all team members go through cyber security training monthly and conduct monthly simulated phishing campaigns. The training will help your team identify a legitimate email from a phishing email. 

 

The simulated phishing campaigns will help you gauge how your team identifies phishing emails and which team members require additional training.  

 

Implementing MFA is another way to mitigate the risks from phishing emails. If a user accidentally releases any credentials, MFA requires that you provide two or more verification factors. 

 

This way, if someone at your company accidentally fell victim to a phishing attack and provided their credentials, the hacker would need to get through the other layers of authentication to gain access to an account. This will make it more difficult for the hacker to access your systems through a targeted user.  

 

 

  1. What is ransomware?  

Ransomware is a form of malicious software that encrypts devices on your network. It can block access to valuable information or files until a certain amount of money is paid to the ransomware hacker. Getting hit by a ransomware attack can happen to any person or business -small, medium, or large. 

 

Once they have gotten hold of your system, it can result in a significant loss of money and time until the system is back up and running correctly.  

 

How to protect against ransomware 

Ransomware will block access to a computer system or its files until the sum of money is paid. Your company should institute a process that contains multiple tools and policies that, in combination, help to protect against ransomware. The solution should also have antivirus software that will help to detect and block malicious software from being installed.  

 

In addition to the antivirus, utilizing a security agent will help block malicious internet requests at the DNS layer. This helps prevent ransomware at the earliest stage of potential infection. Microsoft Office 365 (ATP) Advanced Threat Protection should also be used to help detect and block malicious links and attachments from being sent to your email. 

 

While having multiple tools will help reduce your chance of getting infected with ransomware, you should also provide cyber security training to your teams and run simulated phishing attempts. This helps train your team to identify malicious emails and avoid clicking on malicious links and attachments inside of the emails.

  1. What is malware? 

Malware is any software designed to cause damage to a computer, server, user, or network. Malvertising is when malware is incorporated into an online advertisement.  

 

Malware is typically found on web browsers and other internet-connected programs that look like legitimate websites, which is why many people often get fooled. After clicking on something with malware, hackers can quickly access sensitive information such as usernames, passwords, credentials, and much more.  

 

Some prevalent places malware can be encrypted are: 

Pop-up ads: 

Websites often use pop-up ads to provide additional information on a product or service. They are a way to advertise online without being overly disruptive. You could begin getting unwanted or untrustworthy pop-ups by downloading content such as images, free music, or free movies, etc. 

 

These pop-ups can be malicious and, when clicked, may infect your computer with various viruses or give someone access to sensitive information. For this reason, it is essential to be careful with the sites you choose to visit and what you are clicking. 

 

Banners: 

Banner ads are used to attract people to click them. They can often highlight fake deals or coupon codes, fake warning signs to scare you into thinking you have a virus or just any content that will grab your attention. They can look real, so it is essential to be careful when clicking around on them.

 

Video Ads: 

Videos are an easy grab for the attraction of website viewers. Video ads often consist of games, sports, celebrity news, or even a current event that will incentivize you to click on them.

 

Inline Frames: 

An inline frame is an HTML feature used to embed videos, documents, and media into a page. You can include content from other sources and integrate the content anywhere within your page. Inline frames are a great tool, but they can be very harmful when hackers get a hold of them. Hackers embed inline frames with trafficked websites and redirect them to a malicious page. 

 

How to avoid malware attacks:

Many malware attacks take place from accidentally clicking on links that contain spyware. Installing software and avoiding suspicious browsers or links can significantly reduce your chances of a malware attack. Here are some helpful tips to avoid malware attacks: 

 

  • Install antivirus software to protect against some drive-by downloads or malicious codes. 
  • Install adblockers which will block all ads and minimize your risk of clicking them. 
  • Keep your browsers and plug-ins up to date to prevent malvertising attacks. 
  • Be careful not to click on anything that you are not 100 percent sure about- always err on the side of caution! 

 

How can my business mitigate the risk of a cyber attack?

As new forms of cyber threats appear, your business must be using the proper tools to mitigate the risk that they infiltrate your network. You can try your best to train your employees on best practices, but it is unlikely that they never accidentally find themselves falling for a phishing scam or malware attack. 

 

As a managed service provider, we recommend that businesses implement cybersecurity tools that detect and monitor any vulnerabilities on their network. This way, they are recognized before your employees get the chance to fall for a malicious attack. Many tools to detect cyber threats are becoming required for businesses to have for liability reasons.  

 

To learn more about what tools your business should use to stay safe from cyber-attacks, check out this article: The Best Cybersecurity Tools to Protect Your Business From Cyber Attacks.