By Mark Brown, Founder of Psybersafe
The banking and finance sectors are more at risk of a cybersecurity breach than any other sector because of the amount of sensitive financial data they handle. That threat has increased since the Covid pandemic as more people have moved their businesses online. In fact, according to recent research by VMware, attacks against the finance sector increased 238% globally from February to the end of April 2020, and 80% of financial institutions reported an increase in cyberattacks in that time.
Remote working has given – and will continue to give – hackers and scammers a great opportunity to do more business. That’s because our habits are naturally different when we work from home. We no longer get the everyday psychological signals that put us in a ‘security first’ frame of mind – things like key passes to get into the office, or signing in and out. We don’t see other people lock their laptops when they leave their desks, and there are no big warning signs about cyber security from IT.
The loss of these signals, and the familiarity and comfort of being at home, mean all of us, whoever we work for, tend to be more relaxed at home. And hackers know this. Our Wi-Fi connections are likely to be less secure. We’re more likely to be distracted, and we may not report worries as quickly as we should.
It really doesn’t matter how you are planning to work in the future. Wherever they are based, your people could be the target of a cyber scam and if you work in the finance sector, you are a bigger target than others. As long as the scams continue to work and continue to make money for criminals – and criminals make millions from their activities – it remains vital that people have the tools and behaviours they need to spot potential issues and protect both their individual and their organisation’s data.
The most important tool in your defence against online attacks should be training staff to spot the tell-tale signs of a phishing email or potential malware attack. It could potentially save you thousands of pounds. Teaching them to act differently is as important as ensuring you have the right cyber technology in place.
Working in cyber security for financial institutions, I have seen first-hand that just knowing what to look out for isn’t enough – if businesses want to make a real difference, they need to invest in behaviour-change training that focuses on ‘doing’ and embedding different behaviours in their team. By creating permanent changes in staff attitudes and behaviour towards online security it will be far more difficult for criminals to find a way in.
The most common issue that comes up time and again is phishing. It is often the cause of cyber attacks because it is so easy and cheap for a cyber criminal to do. Below are some tips on how to spot the genuine from the fake:
- To check if an email is genuine or not, start by hovering over the email address to see if it looks genuine. Often, you’ll find that the email address hidden underneath a name bears no resemblance to the company it is supposed to be from.
- If the email address looks genuine – and hackers can be very good at this – but something feels wrong, check the content carefully for spelling mistakes or odd phrases that don’t read properly. Look at how they’ve addressed the email: is it specific to an individual, or could it be to anyone? These are often the tell-tale signs of a hacker.
- Don’t trust links and attachments just because they come with genuine-looking emails. Ask the following questions:
  - Are you expecting something from this person?
  - Hover over the weblink to see where it leads.
  - Hover over the email address to see if it’s genuine.
  - Does the attachment name look like something you’re expecting?
  - Are they asking for personal information?
  - Are they trying to create a sense of urgency?

  If anything looks “off” then don’t take the risk.
- Criminals can also make fake websites look very realistic. So type the link you know into your browser yourself.
- Finally, make sure your staff know who to contact and how, should they suspect they may have become a victim of a cyber attack. We’re all human, we all make mistakes and the cyber criminals are very sophisticated. So be prepared.
We know that flexible working is here to stay, and while that makes your organisation potentially more vulnerable to cyber attack, you should still see it as an opportunity. Just make sure that you give cyber security the time and attention it deserves – and that means paying attention to training your people as well as ensuring your IT systems are secure.
Remember, around 90% of successful attacks are down to human error. Now is the perfect time for organisations to do what they can to avoid being part of that statistic.