Some organisations have chosen to keep operating remotely while others have decided to return to the office, yet almost all businesses are continuing to rely on the internet to function. 

As a result, it comes as no surprise that security breaches remain a huge concern for businesses across the globe. According to research by gov.uk, cyber crime continues to pose a serious threat to organisations with four in ten businesses reporting cyber security breaches or attacks between 2020 and 2021. 

So, how can we keep our businesses safe? 

Specialists at Custard Technical Services have analysed internal data over the past year to reveal how businesses can better protect themselves from online scams and security breaches.

Here’s 6 things to look out for:

  1. Which Roles are Targeted in an Organisation?

The team at Custard discovered that most of the hackers were motivated by money, targeting employees that had access to the company’s funds. 58% of those targeted worked in the accounts department and had a director named in the scam email.  Those in finance departments must be very cautious when answering any emails as they are at the greatest risk of receiving scam emails.

However, it is not just the members of the accounts department that need be careful as the remaining 42% of victims were randomly placed within the organisations.

  1. Which Businesses are Most Vulnerable?

Unfortunately, no one is safe as all companies of every size and in any sector are targeted whether they are working remotely, hybrid or in the office; anyone can fall victim to cybercrime. 

  1. What to Look Out For:

The most common type of scam email accounted for 72% of all the scams detected: the crypto scam. These tend to start with sentences such as ‘you have been recorded on your webcam doing things you shouldn’t’ and proceed to threaten to leak this data to all your contacts if a payment is not made. 

Cryptocurrency is a digital currency that is usually exchanged online, over the phone or computer, without an intermediary such as a bank. A famous example of this would be bitcoin. 

Cryptoscams involve criminals requesting or stealing money from people via cryptocurrencies. What is particularly concerning about this type of fraud is that most cryptocurrency payments are irreversible and generally are not protected by The Financial Conduct Authority. As a result, it is very unlikely that victims of these scams could recover any money lost. Be wary of anyone insisting that funds be transferred via crypto currencies.

The second most common scam, known as the Impersonation Scam, is very difficult to detect. It involves a fraudster pretending to be a member of the organisation using email spoofing. Email spoofing is when an attacker forges an email and makes it look like it has been sent by someone else, usually making it appear as an internal email.

These emails often impersonated the directors of companies and requested members of the accounts department to make urgent payments.  Be particularly cautious when dealing with financial requests and resist any pressure to act immediately.

  1. Most Common Type of Security Breach

Weak passwords were responsible for four in five non-MFA client breaches. This method is automated and relatively easy to implement. While it would take a very long time for a single hacker or even a team of cyber criminals to manually trial each password/username combination, they can rapidly speed up the process by using automated robotic networks known as botnets.

Hackers use botnets to automate mass attacks that test lists of common passwords and usernames on many websites until there is a match. This enables cybercriminals to work out login credentials quickly and gain access to accounts relatively easily. Once these hackers have entered the system, it is almost impossible to know what information has been compromised or affected. 

The final 18% of breaches were caused by personally targeted emails.

  1. Passwords You Should Never Use

Some passwords are more likely to be hacked than others because they are made up of common character combinations or their composition is too simple. Security application provider, Nord Pass, has investigated password trends and uncovered 2021’s most hacked passwords across the globe. If you are using any of the passwords on this list, we advise you to change them immediately; they would take less than a second to break.

Research found that the most commonly hacked password was 123456 which was used by a staggering 103,170,552 unfortunate users. Next, came 123456789, closely followed by 12345. In fourth place was a similarly obvious combo, qwerty, while in fifth was the old classic: password.

To lower the risk of security breaches, be sure to create a safe password. Investigations by data journalist, Katharina Buchholz, have revealed that passwords of 8 characters or less containing no uppercase letters can be cracked instantaneously. The more characters, symbols and variations in a password, the greater the potential combinations. Simply adding an upper-case letter and a number to passwords of 8 characters can increase this time to an hour, while also adding a symbol can bring it to 8 hours.  It is advised that passwords should be 16 characters or more and include a combination of letters, numbers and characters.

  1. How Can I Protect My Business?

To keep companies safe, our specialists recommend implementing an MFA system. For those of you who are unaware, Multifactor Authentication (MFA) is a verification method. It acts as a security measure by requiring users to follow multiple verification steps before gaining access to resources, creating a multi-layered system of defence that reduces the likelihood of unauthorised people gaining access to important information or data.

While 100% safety can never be guaranteed, MFA massively lowers the risk of scams: 90% of the companies targeted did not have MFA installed. What’s more, not a single client with an MFA password was attacked repeatedly whereas those who did not have this added layer of protection were attacked continuously.

About Custard Technical Services

Custard Technical Services is an award-winning IT support and security company that offers market-leading solutions to UK and international partners. The organisation is headquartered in Nottingham and London and has been assisting businesses with everything from IT infrastructure to disaster recovery planning for over two decades.