SMEs are also victims of hacker attacks using disguised work emails. Training the awareness of the employees is a preventive measure in the foreground.
Cyber crime is an underestimated risk factor, especially for start-ups and small and medium-sized enterprises. Michael Krausz, Managing Director of Information Security Consulting, a Viennese consulting company for information security in the digital sector, shares this view. “Hackers are usually more creative than the defenders” and the consequences of insufficient protection in the digital world are enormous, says Michael Krausz. It’s regarding financial and immaterial damage and the fact that sometimes sensitive data often ends up unprotected on the dark web.
Investing in a firewall, spam filter and virus protection is one of the most important cornerstones for secure digital work. Regular security updates are a matter of course in the IT industry.
Hackers and the company register
At the heart of most cyberattacks is the ransom demand to get back the stolen data. A company’s entry in the commercial register plays a decisive role here: professional hackers research the company’s turnover there, for example. And that often determines the amount of the ransom. Another target of the hackers are company secrets such as technical blueprints and recipes.
E-mails can largely be the carrier of cyber attacks. This was also the case with the cyber attack on the Carinthian state administration. It is enough, explains Michael Krausz, “to click on a link in what appears to be a business e-mail, and the attack then starts in the background without anyone noticing at first.”
According to Krausz, ransomware is complex malware that is activated in the background by a wrong click and often only triggers the attack following six months. Usually, the cyber attack starts when you click on a link in the email. However, opening the email itself can also trigger ransomware. But this is extremely rare.
Potentially dangerous e-mails can be recognized by the fact that there is a difference between the sender name and the e-mail address from which it was sent. Malicious software in the packaging of a link can be uncovered by moving the cursor over the link (computer scientists call this hovering) and it leads to a website other than that described. In order to prevent the attack, it is important not to open so-called ransomware that hides behind the links.
Another method to protect yourself from a cyber attack is to generate a separate password for each account. Failure to do so would be like using the bicycle key as a home and work key. A two-factor authentication can replace a password in the classic sense. The user must use fingerprint or face recognition as well as a PIN. This authentication follows the principle: Use something the user has and something they know. As an alternative, there is the password safe, which was developed as an application to manage passwords. It can be installed locally or store the encrypted passwords on the cloud.
During a cyber attack, data is exfiltrated and then encrypted. So-called penetration tests give entrepreneurs the opportunity to check their software for security gaps in order to prevent an attack. Krausz sees an underestimated source of danger in older tools and laboratory equipment, the new acquisition of which is not profitable. They offer hackers a wide attack surface.
Michael Krausz advises companies to train their employees and raise their awareness of cyber attacks via e-mail: “This is the best prevention, since sending ransomware is one of the most common methods used by hackers.”