In these times, the Holidays bring scammers and hackers out in force. Hackers don’t discriminate, but there are practical steps that can be taken to counter them, in advance. 

While the holidays are a wonderful time to celebrate with family and friends, it’s also the time of year when hackers and scammers are out in full force. Small businesses and their employees are particularly at risk – because hackers don’t discriminate.
Whether you’re in education, manufacturing, banking, government or other professional services, cybersecurity is no longer an “option.”
Businesses need to ensure they stay secure. In recent exchanges, a local cybersecurity company, Alias Forensics Inc. ( ), shared professional tips to avoid common scams.
With the massive growth and adaptation of technology, businesses today are at a huge disadvantage when it comes to protecting their data from cyberattacks. Now is the time, more than ever, to be aware of how your business stores and secures data and to have your computer network checked for security flaws and vulnerabilities.
Hackers work every day to ensure the newest scam is even more successful than the last via Trojan virus, malware, email phishing techniques, password breaches and vulnerable servers.
So how will you know if your business has been compromised? It’s easy to accidentally click a bad link or visit a malicious site. Routine monitoring of your network allows you to have “eyes” on the inside of your business.
Below are some common scams to be aware of during this holiday season, what to look for in a scammer and how to avoid becoming their next victim.
Common scams
One of the top scams, malware, encompasses various types of attacks including spyware, ransomware, viruses, trojans and worms. Malware uses a vulnerability to breach a network when a user clicks a “planted” dangerous link or email attachment, which is then used to install malicious software inside the system.
Hackers will pose as anything to get you to click on a link or open a document. For example, they may pose as a charitable organization asking for a donation or as a company executive sending out your annual bonus. Shipping notifications like UPS or DHL - both email and text message – are also common. And shopping deals that seem too good to be true are often a scam.
Malware and malicious files inside a computer system can deny access to critical components of the network, obtain information by retrieving data from the hard drive, and disrupt the system or render it inoperable.
Phishing attacks involve sending mass amounts of fraudulent emails to unsuspecting users, disguised as coming from a reliable source. These fraudulent emails often appear to be legitimate, but they link the recipient to a malicious file or script designed to grant attackers access to your device to control it or gather recon, install malicious scripts and files, or extract data such as user information and financial information.
Social networks and online communities are also vulnerable to phishing attacks via direct messages sent from other users with hidden intent. These sites are often leveraged to collect information about your work, hobbies, interests and activities, giving attackers an edge on convincing you they’re who they say they are. Phishing can also take place by phone call or text message.
Password attacks are the most common and widespread method of gaining access to a secure information system, making them an attractive target for cyber attackers. By accessing your password, an attacker can gain entry to confidential or critical data and systems, including the ability to manipulate and control data systems.
Password attackers use a variety of methods to identify an individual password, including social engineering, accessing password databases, testing the network connection to obtain unencrypted passwords, or simply guessing.
Best Practices for Avoiding Cyber Scams
Security awareness training
One of your best lines of defense are your employees. The holidays are a great time for you to implement training or hire a company to review the most common scams and what people should do to avoid them.
Ask employees to:
• Check links before clicking them;
• Check email addresses;
• Use common sense before sending sensitive information. If a request seems odd, it probably is. Check with the person in question before responding to the request.
Update software and systems
Often cyberattacks happen because systems or software are not fully updated. Hackers exploit these weaknesses to gain access to the network. Once they are in, it’s often too late to take preventative action.
Install a firewall
There are so many different types of sophisticated data breaches and new ones surface every day and even make comebacks. Putting your network behind a firewall is one of the most effective ways to defend from cyberattacks. A firewall system will block any password breaches made on your network before it can do damage.
Backup data
In the event of a cyberattack, your data must be backed up to avoid downtime, loss of data and serious financial loss.
Wi-Fi security
Most individuals have a Wi-Fi-enabled device and that’s precisely the danger -- any device can get infected by connecting to a network, particularly an unsecured public Wi-Fi network. Connecting to an unsecured Wi-Fi network can potentially give hackers access to usernames, passwords, texts and other information. If the infected device then connects to your business network, the entire system is at serious risk. Securing Wi-Fi networks and hiding them is one of the safest things to do.
Implementing good cybersecurity practices should be a top priority for businesses as we approach 2022. For next year, businesses should consider bringing in a third-party security company – perhaps the able staff at Alias Infosec – such as Alias Infosec -- to assess risk ahead of time. (They are available for inquiries by telephone at4405-261-9517, or reach out via email: .)
Bottom line: A risk assessment or vulnerability assessment will tell you some of the easy ways hackers can access your network as well as how you can fix them.
AliasInfosec is an Oklahoma City company with “customized cybersecurity and incident response solutions.”

Recommended for you

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.