With major routes heading through the region as well as busy ports, logistic companies make up a key company demographic in the East. And as shops reopen after the lock down, business is going to increase which means that as well as being busier delivering, logistics companies are going to be busier fending off cyber-attacks.
Phishing is by far the most common cyber attack across all sectors and size of business.
Metacompliance found that 91% of cyber attacks started with a phishing campaign.
Most people probably haven’t been victim to a traditional crime type such as a burglary, but I would be confident that everyone has been subject to a phishing attack, via emails, texts, voice calls or even social media.
Phishing at its most basic is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
You might have heard of phishing, vishing, smishing, quishing, spear phishing, whaling, but all the names mean is that there are a lot of different ways that a cyber-criminal is going to try and trick you. Criminals use all communication methods, so if a new method comes out, you can be sure a criminal will be there trying to exploit it. And these criminals are experts in getting us to act in the way they want, whether that is clicking a link or downloading an attachment.
Criminals use information from all over to create phishing messages. Knowing what information about you and your company can be found by a criminal can be very useful in understanding what information could be included within a phish.
For example, would you believe an email as genuine if it contained your username and password in it? Did you know that if your details have been released in a data breach, usernames and passwords are just one thing that could be known, along with your IP address, address, telephone number, in fact, any sensitive information you might give to a company?
If your company has published that you have just signed a new company, xyzlogistics, as a client, a criminal could use that information to create a fake domain, xyslogistics, to trick you into communicating with them.
Would you click on a link which talked about the new road fund licences for hauliers?
If a message contains any of the following, really think before you click:
The Eastern Cyber Resilience Centre provides both individual and corporate internet discovery and as we use local students it is affordable for all companies. Find out more here.
Access to your systems and money.
Phishing messages are usually designed to get you to click a link or download an attachment. They hope to either steal your login credentials or install malware on your systems, and once they are in your system, stealing your data is likely the next step for them.
All phishing depends on an element of social engineering or interaction with a person, so you really need to make staff engagement and upskilling a priority.
Did you know that your local police force have Protect officers who will do free staff awareness training? Or if you would like a series of training sessions the ECRC has affordable student services who can deliver a bespoke training session tailored to your company and the risks it faces.
Have a plan in place to deal with phishing attempts and successful attacks. Make sure your staff know how to report an attack and don’t put barriers in place to reporting, such as disciplinary action.
Phishing attacks can be very sophisticated and extremely difficult to guard against, but making sure you know how and when an attack has taken place means that you can react in the right way. You really don’t want a staff member too scared to report a successful phishing attack and letting an attacker have an extended period of time in your systems.
The National Cyber Security Centre (NCSC) have created an enterprise Outlook add-in for staff to be able to report email phishing directly from their email box. The NCSC will the actively seek to disrupt the criminals sending these messages, protecting you from them as well as the wider community.
And you can report more than emails.
Also, consider your technical defence by implementing DMARC, SPF, DKIM, TLS, you might need to raise these with your IT support. To read the NCSC guidance about these terms and how you can implement them click on the links below:
If you wanted to test your and your staff’s knowledge about phishing why not have a go at our just for fun phishing quiz?
You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.
We also provide free guidance on our website and we would always encourage you to sign up for our free core membership.
Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
Click to Open Code Editor