Phishing continues to be a top exploit for small business breaches, and companies should take notice. Of the 360,000 spear phishing email attacks examined over a three-month period, the most common types were brand impersonation (83%) and business email compromise (11%). Such breaches can be leveraged to steal payment and personal information.
Here are some best practices for protecting your business:
1) Take advantage of AI
2) Don’t rely solely on traditional security
3) Deploy account-takeover protection
4) Use multi-factor authentication
5) Conduct proactive investigations
6) Train staffers to recognize and report cyber-attacks
7) Conduct proactive investigations
8) Maximize data-loss prevention
Call 716-373-4467 x 15 to review with a Databranch Security Expert!
With the breach of Reddit being disclosed this week, it’s key to remember the importance of robust cybersecurity, given that the hacker of the site was able to bypass 2FA. The actor was able to do this by using a method called ‘SMS intercept’ which is when the hacker is able to receive the text that contains the code for authentication. One way this is done is by SIM-swap, which is when the attacker convinces the phone provider that he is the target and applies their service to a new SIM card. Another method of attack is when bad actor impersonates the target and tricks the phone provider into transferring the target’s number to a new provider where the attacker is then able to access any 2FA codes coming into the phone.
A more secure alternative to SMS 2FA is app-based authentication through organizations such as Duo, which is not subject to the same vectors of attack. Stay vigilant out there, because SMS-intercept attacks are going to become more and more prevalent as they have been shown to be successful, and publicly too considering Reddit is one of the most popular sites on the internet.
Databranch has recently started offering a new Cyber Security offering. We will monitor your credentials in real-time on the Dark Web and notify you immediately when these critical assets are compromised, before they can be used for identity theft, data breaches, or other crime. Please call 716-373-4467 x 15, email firstname.lastname@example.org, or click here to get started!