The food and retail sector is having a hard time at the moment, with rising prices seemingly everywhere and the pandemic altering our shopping behaviours, no one is sure whether it will be boom or bust. But one thing is certain, cyber criminals will take any opportunity to attack.

By far the most common way is via phishing.

According to Proofpoint’s 2022 State of the Phish,

91% of UK survey respondents said their organisation faced bulk phishing attacks in 2021.

And retailers, with the use of personalisation and payment details are a lucrative target.

What is Phishing?

Criminals pretend to be a legitimate person or organisation to get you to do something. This might be clicking a link, visiting a website, or opening the attachment. Whatever they want you to do the result is likely to be the same, access to your system for them. And with bulk phishing they only need one person to do what they want, and the network could be theirs.

But there are things which you can do to stop an inadvertent click turning into a disaster.

Real-life

Recently one of our partners had a user who “clicked the link”.

They were sent an email with an attachment which they opened.

The attachment auto-saved malware onto the network (the user didn’t have to do anything).

But because the user didn’t have permissions to install the programme, it just sat there, not able to do anything. Until the Anti-Virus scanned it.

Interestingly, the anti-virus (AV) has a slightly higher permission level to the user, and this caused the virus to start doing its job, but it was quarantined by the AV almost immediately with little impact on the company.

This could have been drastically different had the user had admin permissions or if the company didn’t have any anti-virus. It is also a good demonstration that it is not just users who have permissions, programmes do to.

Fiona Bail, the Head of cyber and innovation at the ECRC, is asking companies,

“How would your company’s defences stand up if the same thing happened in your business?”

Who can help?

The ECRC is a not-for-profit police-led company with the aim of helping small and medium businesses put fundamental cyber resilience controls in place. In the same way that you can have a on-premises business security assessment from a crime prevention officer, the ECRC wants to help you put the locks and alarms on company’s digital assets.

And companies can join for FREE, no strings or obligations attached.

If you’re not sure why you should join us, have a chat with us first or download our Essential Retail Cyber Guide for 2022. It has the key threats and top tips for small retailers.

Policing led – business focused