Cybercriminals like to prey on distracted business owners during situations like our current pandemic. While many businesses are fighting just to stay open, hackers are using this time as an opportunity to breach unguarded data.

A quick Google search shows us that, “85% of Managed Service Providers report ransomware attacks as the most common malware threat to small to mid-size businesses (SMBs),” and, “The average payment to release files spiked to $84,116 in the last quarter of 2019, more than double what it was the previous quarter.” These are scary numbers, but they don’t reflect the real reasons why these attacks are surging: human error.

In last week’s blog, 2020 – The Year Everything Changed, we told you about an employee who received an email stating she had won a reward from Amazon. She was directed to open a form, enter her personal data, and in just a few days she’d receive her gift. Luckily, she didn’t fall for that trap. But many people do fall for these things. And a lot of them end up regretting it. Let’s take a look at some of the steps hackers use to entrap people into opening the door to their personal information.

Something Smells Phishy

The scenario above was clearly a Phishing Attack designed to catch someone off-guard so they’d send out their personal information. Currently, these types of Phishing Attacks are on the rise. In the last few weeks, we’ve seen amazing offers flood our email IN boxes and phone text messages. Usually disguised as gift cards, offers are designed to look like they came from Costco, Amazon, CVS, Apple, Macy’s, Netflix, Hulu, Disney, and more.

We’ve also seen Phishing emails claiming grandiose promises like; Free Credit Repair, Join Our Bitcoin Giveaway, Sign Our Petition, Your Pharmacy order is Ready, Refinance with our Low Rates, and so much more. These emails usually contain a bogus link or malicious attachment that will launch when you open it. Then you’re really screwed

While we work hard to block these types of emails from entering the businesses we work with, the biggest flaw in the security chain is how an employee responds to these fantastic offers. Human nature and curiosity are what hackers are hoping for, and it works all too often. That’s why educating staff members is as important as installing the latest upgrade on a firewall. The bottom line is, if something smells Phishy, it probably is.

Part of what we’re up against is that these emails are sometimes sent out by the millions. By playing the odds, hackers pretty much guarantee they’ll be rolling in cash soon.

Ransomware

The last few years have taught all of us to fear that word. From small to large businesses, from individuals to local and national governments, no one is safe from these threats. The main motivation for this type of attack is simple: hackers identify and attack victims who can give them a good return on their time invested. Yes, they’re concerned about their ROI just like we are.

When hackers hold an organization for ransom, the victim often ends up paying because they can’t afford to operate too long without productivity. They also don’t want everyone to know they’ve been breached. Lately, these attacks have become more sophisticated and demand more money to release the “hostage” data or systems.

According to our friends at Sophos, 54% of organizations have been hit by ransomware in the past year – twice on average. This shows us that the need for advanced protection isn’t going away. Unfortunately, our industry, MSPs, are part of those organizations that are being targeted. When one of us gets attacked and breached it leaves a stain on the whole industry. That’s why working with companies like Sophos is so important – they are constantly researching the latest threats, and finding solutions they can pass on to us so we can protect ourselves and our clients.

Where We Come In

If you haven’t spoken with your security provider lately we suggest you set up a meeting right away because there are a ton of new threats out there, and new solutions you may not be aware of.  One of the reasons we write these blogs is to remind you that, as a community, we cannot become complacent and sit idle while hackers are busy creating new and more devious ways to compromise our clients’ data.

It’s up to us to educate our clients about the threats of Phishing and Ransomware. If you are dealing with someone who either refuses to listen or who believes an attack will never happen to them, we have ways to show them that cyber-attackers are knocking on their firewall doors right now, and it’s just a matter of time before they get in. Use your tools to show that these threats are real. Use Dark Web scans to find stolen passwords. Do as much as you can to convince your clients that they need to take these threats seriously.

Protecting our clients is what we do. By staying on top of the current threats and solutions we can better serve those who need our help. And we also need to make sure our house is in order and we are as secure as we can possibly be. We can even use ourselves as a model of security when we talk to prospects and clients. Show them the number of attacks you are getting each day, then show them how your security has blocked those threats. Whatever you do, don’t ever give up, because we all know these threats will never stop.