SMB Cyber Summit
I recently gave a presentation on Business Continuity for the SMB Cyber Summit. If you are interested in learning more about Cyber Security from a Small/Medium Business perspective, then take a look at this free online summit.
In addition to the presentation, I have offered four e-books for free download on the following topics:
- Business Continuity and Risk Management
- How to choose a Business Continuity Plan Template
- Pandemic Planning Guide
- Recovery Time Objective and Maximum Tolerable Period of Disruption
You can download these e-books using the pop-up on this page.
Phishing Email
In the video below, I have included a story about how I fell for a phishing email on the first day of coronavirus lockdown in New Zealand.
It seemed like a legitimate email that came from somebody I had dealt with previously. However, the request was strange and the link was requesting login details. I tried to call the sender, but because it was the day lockdown was first announced, the phone lines were overloaded and nothing would connect.
I replied to the email, asking if it was sent in error, and received a reply that this was something I needed to check out. As soon as I entered my credentials I knew I had made a mistake. I quickly changed the compromised password and another similar password, set up two-factor authentication and checked my login records.
Thankfully, I have been using a password manager for a couple of years now. This makes creating and storing long, complicated passwords very simple.
This blog by FireEye provides more detailed information about how to protect yourself and your company from phishing emails.
Fake web-page
Another example, one that I personally fell for many years ago, is the fake web-page. Unfortunately, I googled my bank when I was living in the UK and found myself on a fake login page. It looked a lot like my regular login page, with some slight variations.
When I entered my details, I was still able to access my accounts.
The next day, all of my money was transferred out of my bank account! It was a horrible situation and a stressful few days before finding out the bank was going to reimburse the funds.
Communication
Martin Petts of F24 gives an example of how people can be tricked into sending money:
When communication is difficult, such as situations where many people are working remotely, there is an opportunity for people to take advantage. One tactic is to send a fake email demanding immediate payment. This email could appear to come from a critical supplier or somebody high up in your own organization.
If there is something that looks suspicious, then internal communication is key. Double check the legitimacy of a message with one or two relevant people within your organization. This is especially important if there is a demand for payment at short notice. Even if the email looks like it is coming from someone you know or someone high up in your own organization, you should still double check.
Once you have established the legitimacy of the email, it will be clear if you should be making payment or not.
If you want to increase your Organizational Resilience, start with preparing a Business Continuity Plan and check out BCP Builder’s Business Continuity Planning Templates.