Since the pandemic began, the number of people working remotely from their homes has increased drastically. We've discussed in previous blog posts how remote workers have become increased targets of phishing and other email scams. An FBI report states that in 2020 alone, Americans lost $1.8 billion dollars in business email scams. Meanwhile, the Canadian Anti-Fraud Center reported that Canadians lost $37M from both personal and work email scams in 2020. And those numbers continue to rise. Most of them are what’s called "social engineering scams." Let's have a look at why these scams are so successful, how to prevent them, and what to do if someone in your company falls victim to them.
What Is a Social Engineering Scam?
Rather than physically hacking a network or a computer, social engineering scams play on human psychology to fool people into giving access or giving away sensitive information to the hacker. An example of this would be an email that looks convincing but is actually fraudulent. These scams work best when there is pressure or a threat associated with it. For example, an imposter email from Canada Post could claim a parcel is on hold and can only be delivered in a certain time frame if a dollar amount is paid for the processing fee. Or, an email from an imposter CRA account could make it sound like you’re in trouble with the law.
These emails usually copy the formatting of a legitimate message so they appear authentic, causing you to overlook the unusual request within the email. Social engineering scams can also apply other techniques, including fake phone calls, copycat websites, etc., to convince employees to divulge sensitive information to a seemingly legitimate source. They’re also becoming more advanced and increasingly difficult to spot.
What Happens When There Is a Data Breach?
Once a scammer has gained access to your private business network, they can steal a range of important information, including the personal information of employees and clients, social insurance numbers, credit card and financial information, email addresses, phone numbers, and proprietary business data that you process or store within your company's network. A data breach can cost both your business and your customers money and time. An incident is also likely to severely damage your reputation as a business.
How to Know if You've Had a Data Breach
If you suspect you've experienced a data breach, watch closely for any unusual activity on your networks, data logs, sign-in attempts, etc. Have your IT team investigate (or hire an IT firm in Edmonton to investigate) any suspicious activity for you. If anyone on your team opens an email attachment that was sent by an unknown user, treat it like a cyber attack and have your IT team take action immediately, even if you aren’t sure there has been a breach.
What to Do if You Experience a Data Breach
If you have a dedicated IT team, they should have a data loss plan in place for the event of a data breach. Ask them to review and update their plan if it hasn't been discussed in a while. If you outsource your IT management, set up a meeting with your firm and ask what their protocols are and how to proceed. The main steps will usually include containment, reporting, and assessing for further or future risks.
How to Avoid Data Breaches
There are a few ways you can protect your business and avoid data breaches:
Create a bring-your-own-device policy for employees to follow while working from home.
Educate your teams on social engineering tactics and how to spot fraudulent emails.
Train your teams on how to respond to a potential data breach.
Encourage employees to report suspicious activity without the fear of reprimand.
The more you talk about security issues with your employees, the more vigilant they'll be when opening emails, talking to third parties, and using their own devices.
Your Cybersecurity Experts in Edmonton, Alberta
If you don't have a dedicated IT team or just need extra support, contact us here at Alt-Tech Inc. We're experts at network security management and monitoring for various sectors. Browse our IT services to see how we can best help you.
Photo by Michael Geiger on Unsplash