Published: December 15, 2023

Our new bulletin Cyber Threat Watch has been created to help small businesses stay up to date on the latest threats, news, and events affecting their business. The content has been curated to make cybersecurity easy and accessible for both technical and nontechnical readers.

Featured Cyber News — Phishing

Phishing was the leading cybercrime reported to the FBI's Internet Crime Complaint Center (IC3) for 2022, and 2023 is projected to eclipse previous years' figures. Social engineering, particularly phishing, remains a prevalent method for malicious actors to compromise systems and networks, typically through email and frequently as the first step in deploying malware.

Are we prepared? Probably not. The NCSS believes now is the time for businesses to develop and implement a dedicated, comprehensive anti-phishing program—wherein all users are educated on the severe threat posed by phishing, enabled to identify social engineering red flags, and prevented from being the next victim.

This bulletin includes exemplars from leading experts. DHS (CISA) recently released a new guide, Stopping the Attack Cycle at Phase One, a comprehensive guide on phishing. At the core of the guide is a repeatable employee training program.

Another tool developed by KnowBe4, Social Engineering Red Flags (see here), can be shared with all employees and their partners—customers, suppliers, and their extended network. 

NIST’s contribution to this body of knowledge is The NIST Phish Scale—a methodology to rate an “email’s phishing detection difficulty” as part of a cybersecurity awareness and phishing training program. To utilize this free resource, see this link available from NIST.

In addition to improving our knowledge of phishing, businesses need to enable multi-factor authentication (MFA) across multiple platforms. A strong password can only get you so far. MFA or two-factor authentication (2FA) is a simple step in hardening the defenses against criminal activities.

The NCSS and our industry partners (Nonprofit Cyber) are working to share tips and tools to improve our global security. The #MoreThanAPassword campaign was recently designed to encourage users to take advantage of these simple steps:

1. Secure Email Accounts
   • Phishing-resistant MFA: Enable MFA, particularly for privileged accounts, which are often associated with system administrators, executives, or other high-level roles that have elevated access rights to sensitive systems and data.
2. Use Password-Free Authentication
   • Use passkeys, which leverage cryptography rather than a shared secret
3. Add Layers of Security—use network segmentation
4. Use a Password Manager—many are available
5. Use Passphrases—create strong, long passwords
6. Hacked? Move fast to change passwords and call the credit reporting agencies to put a credit freeze on all your accounts.

Lastly, phishing attacks often exploit weak MFA implementations. Despite the security enhancements MFA offers, it can be vulnerable if not configured correctly. We recommend you leverage Managed Security Service Providers. We have partners who can help, here.

It is crucial that all stakeholders be educated about phishing, which involves malicious actors posing as trustworthy sources to trick victims into interacting with malicious links or email attachments. The consequences of such attacks can range from initial access and data theft to system damage, reputational harm, privilege escalation, and/or service disruption. We hope you found this bulletin helpful and consider becoming a member. Membership sign-up can be found here.

For more information about NCSS tips and tools, see our Small Business page or visit www.nationalcybersecuritysociety.org.

About the NCSS

The National Cybersecurity Society (NCSS) is committed to improving the online safety and security of the small business community through education, awareness, and advocacy. As a 501(c)(3) organization, the NCSS uses funds from charitable donations and grants to develop educational materials, webinars, weekly cyber tips, videos, and how-to guides. The organization’s goal is to enable and empower small and medium businesses to obtain cybersecurity services, assist them in understanding their cyber risk, and advise on the type of protection needed. We want to continue to grow our community and encourage you to tell other small businesses we are here to help.

The NCSS is committed to respecting the use of images in our communication efforts. Accordingly, unless otherwise specifically noted, the graphics in our bulletin are sourced under license from Adobe Stock. The header and footer images were designed and purchased through a contract with Eyedea Advertising & Design Studio.