By Kadian Douglas, prinicipal with CLA Tampa
As cyberattacks become more frequent, and sophisticated, cybersecurity awareness is critical for organizations to help protect their assets and reputation. Be alert for cybercriminals looking to commit criminal activities by exploiting companies.
Watch for social engineering and phishing attacks
An organization’s most valuable assets are at risk: data and reputation. Criminals want the data and will try to damage reputations to get it.
The most successful attack method continues to be social engineering. Phishing attacks often provoke emotional responses, which may interfere with critical thinking.
Uncertainty around financial markets could lead reasonable individuals to click an email link that says their bank is closing or their account has a zero balance. These links could lead to a spoofed website where they may be asked to enter usernames and passwords or to download a malicious file. These files may contain malware that could set up a backdoor from the target’s computer where the cybercriminal could run commands remotely.
Look out for suspicious phone calls
Criminals may call an organization, pretending to be a vendor or customer, requesting sensitive or confidential information or try to get the target to break other security protocols. In such attempts, the attacker could then use this information, or unauthorized access, to perpetrate a deeper attack.
Cybercriminals also may email or call a customer pretending to be a representative from the organization informing them of an issue and demanding sensitive or private information.
In times of high stress, cybercriminals will leverage news platforms, social media applications, email and business websites to identify targets and develop new and uncommon attack methods.
Take steps to help protect from cyber threats
To counter the risks of social engineering, consider these steps:
- Actively train employees and customers to identify email phishing, fictitious phone calls and malicious websites.
- Continue to strengthen technical controls, including preventing malicious emails from reaching an employee’s inbox, blocking newly registered domains, removing malicious file types like executables (.exe) and inserting banners that warn to be cautious of emails from senders outside the organization.
- Have your information technology department adopt hardening standards on networks, business applications, servers and end points and remediate vulnerabilities with regular scanning and patching.
- Cultivate a proactive cybersecurity culture by leveraging intelligence platforms, regulatory guidance and peer networks to maintain a mature, informed and prepared security posture.
The cybersecurity risks of tomorrow will not be limited to high-profile banks. Cyberthreats will continue to test the mettle of organizations across all industries. You’ll need vigilance from management, layered security controls, informed customers and savvy employees to help protect assets and preserve the organization’s reputation.
How we can help
Protecting your critical assets from cybersecurity threats is not getting easier. CLA has experienced industry specialized teams, supporting various organizations not only to evaluate controls but also assist with handling cyberattack responses and important technical infrastructure to protect the perimeters of the organization. Learn more about CLA’s cybersecurity services.
For more information on cybersecurity, in Tampa, contact Kadian Douglas at [email protected] or 813-384-2735.
The information contained herein is general in nature and is not intended, and should not be construed, as legal, accounting, investment or tax advice or opinion provided by CliftonLarsonAllen LLP (CLA) to the reader. For more information, visit CLAconnect.com.
CLA exists to create opportunities for our clients, our people and our communities through our industry-focused wealth advisory, digital, audit, tax, consulting and outsourcing services. CLA (CliftonLarsonAllen LLP) is an independent network member of CLA Global. See CLAglobal.com/disclaimer. Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor.