Data Security, Technical 8th October 2018

Cryptolocker: Prevention Better than Cure

Stephen Gibson

Ever fancy writing back to one of those emails informing you that you’re only a few clicks away from claiming a missing fortune from a Nigerian prince super keen to share his fortunes with you?

No? Good.

How about clicking the link in an email congratulating you on being selected for a random lotto and all it will cost you is a small fortune to claim your even bigger fortune?

No again? Great.

Ok, well how about an email from “Telstra” – the branding is clean and eerily close to what you’d typically expect from them; it’s politely advising you that your last payment was not processed and a quick click then takes you to fill in some details on a website that again, looks legitimately like Telstra’s?

No again? Oh you’re good. But how confident are you in the ability of your entire staff/clients/family/friends to spot the forgery?

The tricks of the cybercriminal trade are getting good – really, horrifyingly good. And the malicious links and attachments are causing serious destruction to businesses every single day. In fact, according to the ACCC, Australian businesses have lost nearly $8 million this year alone to cyber attacks aimed at obtaining personal information.

Nearly all phishing emails contain ransomware, and if you’re unlucky enough to fall prey to one of them, you can find yourself in the very real situation where your data is now in the hands of cybercriminals – your client information, employee information, everything… and what would you do to get that back?

What to do

To protect yourself and your business, vigilance and prevention are ultimately the best form of defence. As a start, here are some phishing red flags to arm yourself with:

  1. Who is the email from? Unless you know the sender or are expecting a particular email, such as an event registration, never click a link in an unknown sender’s email. The same rule applies to unsolicited attachments. Nooo touchy touchy!
  2. Dodgy hyperlinks – Hover your mouse over one of the hyperlinks. If the link-to address points to an unrelated website, this is a big red flag. Be wary of odd spelling in the address too.
  3. When was it sent? – If someone is sending you emails at 3am, don’t open them. It is either a) a phishing scam or b) a drunk ex. Neither warrants your attention.
  4. Odd content or subject – Does the request seem odd or illogical? Do you simply have that gut feeling that something isn’t right about it? Whenever your personal information is brought up in a non-face-to-face capacity, your scam detector needs to be on alert.
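As an added example that is not part of the original post, this Python script automates red flag 2: it pulls every link out of an HTML email body and flags anchors whose visible text names one domain while the href actually points to another (the “hover over the link” check, done in code). The sample email body and the lookalike domain are constructed for the example, and the registrable-domain helper is a rough approximation that does not use a public suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body: the visible text of the first link claims to be the
# Telstra site, but the href goes to an unrelated (made-up) domain.
SAMPLE_HTML = """
<p>Your last payment was not processed.</p>
<a href="http://tel5tra-billing.example.net/login">https://www.telstra.com.au/billing</a>
<a href="https://www.telstra.com.au/help">Help centre</a>
"""

COMMON_SECOND_LEVEL = ("com", "co", "net", "org", "gov", "edu")

def registered_domain(host: str) -> str:
    """Approximate the registrable domain (e.g. telstra.com.au, example.net).
    Keeps three labels for second-level registries like com.au / co.uk."""
    labels = host.lower().split(".")
    n = 3 if (len(labels) >= 3 and labels[-2] in COMMON_SECOND_LEVEL
              and len(labels[-1]) == 2) else 2
    return ".".join(labels[-n:])

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def flag_dodgy_links(html: str):
    """Return (href, text) pairs where the text shows a URL or domain whose
    registrable domain differs from the one the href really points to."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        target = registered_domain(urlparse(href).hostname or "")
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text, re.I)
        if shown and registered_domain(shown.group(1)) != target:
            flagged.append((href, text))
    return flagged

if __name__ == "__main__":
    for href, text in flag_dodgy_links(SAMPLE_HTML):
        print(f"RED FLAG: text says {text!r} but link goes to {href!r}")
```

A link whose visible text is plain words (“Help centre”) is not judged here; that case still needs the human hover check from the list above.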

An extra security measure is to restrict unnecessary employee access to sensitive data. For example, you wouldn’t give the entire company folder access to payroll details, so apply the same principle to all sensitive contracts and forms. It’s not so much a matter of employee trust as of mitigating unnecessary risk if security were to be breached.

We offer obligation-free assessments of business security practices and provide recommendations tailored to your business. To review the current state of your company’s data security, contact us and we’ll be there to help.

About Stephen Gibson

While AfterDark's trademark and catchphrase is 'Keeping IT Going', I'm always driving to do more for my clients than just that. Through reputation, great suppliers and hard work, our team at AfterDark Technology has delivered IT strategy, key technologies and help desk services to more clients year on year since opening the doors in 2001. We love helping businesses use technology to be more profitable and efficient! Please contact me for a free introductory consultancy or if you would like to join our successful team.