While most of us are thinking about beach weather, travel, and holiday experiences, there’s also something else that needs our attention – summer is high season for hackers. There is a greater likelihood of attacks and a greater chance of success for the attackers, says Jan Terje Sæterbø, security manager at F24 Nordics. Let’s consider the points of vulnerability:
- Everyone is on holiday. This makes the company more vulnerable, whether it is staffed with temporary summer workers or running at half capacity. If an attack happens now, there’s a greater chance that there won’t be anyone working to detect and stop it.
- Security and preparedness are often not at the forefront of minds during the summer holidays. It is easy to relax security routines. At the same time, employees often travel to areas with poor internet security. Employees who remain in the office, whether permanent or summer temps, are often assigned new tasks that are normally performed by others. For example, when summer interns take over in the accounting or finance department, it might so happen that they are not adept in the security best practises. It is no coincidence that the holiday season is a peak time for fake invoices.
- Many businesses, especially in the tourism sector, make a large part of their turnover during the hectic summer months. If the online shop or booking system is shut down by hackers, this can result in huge losses. So, it makes sense for hackers to attack during summer, with the mindset that the bigger the loss, the more willing companies are to pay.
But it is not just traditional data breaches that increase during the holiday season. Recently we have seen an increase in financial fraud attempts in general, and this is also high season in the summer months, says Sæterbø:
“One of the most effective ways for a malicious actor to make money from a successful cyber-attack is to gain access to the emails of key people in accounting, finance or management positions” – he says.
The primary target of the fraud is then one or more employees who have access to transfer large sums of money for an organisation, usually someone in the accounting or finance department.
A common process is:
1. An attacker gains access to an accountant’s email inbox.
2. The attacker searches the mailbox for potential targets.
3. Once a target is selected (e.g. a customer), the attacker creates a fake email that appears to be the employee’s legitimate email.
4. The attacker establishes an ongoing dialogue between the employee and the customer.
5. Convincing the customer to change payment details
6. The customer sends future payments to a bank account controlled by the attacker.
You can be exposed to this type of fraud both as a supplier and as a customer. Taking a few simple steps can help protect against cyber fraud, and Sæterbø emphasises the following four points:
- Inform customers that you will never ask them to change their payment details by email – remind them regularly.
- Put controls in place to ensure that suppliers’ payment details cannot be changed without confirmation by calling a number on the company’s official website.
- Ensure that your staff are trained to recognise and report sophisticated phishing emails – test them regularly with simulated phishing campaigns.
- Ensure that access to shared mailboxes and distribution groups is carefully managed.
Even if you are lucky enough to dodge a cyber-attack, the summer holidays will still present you with other challenges that you should be aware of, says Sæterbø:
As many people go on holiday, it can be a challenge to know how to reach key employees. It can also quickly become a challenge to inform all employees quickly and efficiently if you have a situation where the company network and e-mail cannot be used. You should therefore have alternative channels in place to keep everyone informed, using a solution that is separate from your normal IT operations.
In cooperation with the Norwegian Business and Industrial Security Council (NSR), F24 has developed a checklist for cyber attacks. Here you will also find suggestions for the text of messages to be sent to employees and customers, as well as a list of important contact persons. Remember that if you are affected by a cyber attack, you cannot use the company email to inform your own employees – you MUST use an external service.
If you use F24 platforms as a preparedness tool, notification and preparedness management will take place in a tool that is separate from your normal IT operations. This tool will not be affected, ensuring that you can take the necessary measures to deal with the situation. The suggestions for checklists and notification texts can be entered as ready-made templates and activated at the touch of a button.
Get in touch with us if you want to know more about how our software solutions can help you monitor security threats and deal with cyber attacks.
Contributed by F24 Experts
F24 is Europe’s leading Software-as-a-Service (SaaS) provider for resilience. More than 5,500 customers worldwide rely on F24’s digital solutions, which support companies and organisations through all areas of resilience. Solutions cover business messaging and service notification, emergency and mass notification, incident and crisis management, as well as governance, risk and compliance.