Blog

  • What’s the best document storage solution for your RIA?

    If you’re in the business of providing financial advice to individuals and companies, then you know that a big part of your job is managing client documents. You need a reliable document storage solution that can help you stay organized and keep track of everything while also giving easy access and sharing options for your team.

    There are a handful of document storage systems on the market that cater to registered investment advisors (RIAs), and it can be tough to decide which one is right for you. To help you make the best choice, we’ve compiled a list of the best options available, along with their key features.

    Box

    Box is an online storage and collaboration platform that offers unlimited storage space and fine control over who can access and edit files. The platform also has robust search and discovery tools, so you can easily find the documents you’re looking for.

    Box integrates with a number of popular customer relationship management (CRM) and financial planning software solutions, making it a good option if you already have an established workflow around these tools.

    Docupace

    Specifically designed for wealth management firms, Docupace is a cloud-based document management solution that touts powerful search and workflow capabilities, as well as integration with top financial planning software. It also features sophisticated document security measures, such as government-level encryption and granular access controls, which enable you to easily comply with Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) regulations.

    Dropbox

    With over 700 million registered users, Dropbox is one of the most popular cloud file hosting services. It offers unlimited storage space and file-sharing capabilities, plus advanced version control and collaboration tools.

    Dropbox is easy to use, so it’s a great choice if you’re looking for something that your team can use without too much training.

    Egnyte

    Egnyte is a comprehensive content management and sharing solution that allows you to store, organize, and access your files from anywhere. Its key features include multilevel security, advanced search capabilities, and integration with CRM, enterprise resource planning (ERP), and other business systems.

    Google Drive

    Perhaps the most well-known cloud storage solution, Google Drive provides online file storage and collaboration capabilities, together with integration with a number of Google applications. The service also has functional search and discovery tools as well as mobile access, so you can stay connected on the go. With its large user base and low pricing, you can’t go wrong with Google Drive.

    Laserfiche

    A leading document management and business process automation solution, Laserfiche offers a number of features tailored for RIAs, such as electronic signature capture and secure document sharing. The platform also has sophisticated search and analytics capabilities in addition to integration with many popular CRM, ERP, and accounting software solutions, allowing you to easily configure it to fit into your existing workflow.

    NetDocuments

    Many legal professionals rely on NetDocuments for their content management needs, and the platform is well suited to RIAs as well. It has impressive versioning capabilities and advanced security and compliance features that enable you to easily meet SEC and FINRA regulations. Additionally, NetDocuments was recognized by Gartner as a Magic Quadrant Niche Player in Content Services Platforms.

    Redtail Imaging

    From the same company behind the popular CRM solution Redtail CRM, Redtail Imaging is an electronic document storage solution specifically designed for financial services firms. It has a range of features that make it an attractive choice for RIAs, such as document tagging and advanced search capabilities, seamless integration with Redtail CRM, and secure document sharing.

    ShareFile

    ShareFile is a cloud-based content collaboration platform from Citrix. It brings together secure cloud storage, information rights management, and document collaboration tools into one unified solution. In fact, ShareFile boasts bank-level security and can be configured to comply with various industry regulations, including those from FINRA, the Consumer Financial Protection Bureau, and more.

    SharePoint

    Microsoft’s enterprise content management solution SharePoint is a versatile platform that can be used for document storage, collaboration, workflow automation, and more. While it’s a bit more complex to set up than other solutions, SharePoint offers a range of features that make it well worth the effort. It’s known for its robust search capabilities, flexible sharing options, refined version control features, and excellent security, making it one of the best storage solutions available.

    Our top pick

    We at RIA WorkSpace believe that SharePoint is an exceptional document storage solution for RIAs. It’s feature-rich, secure, and compliant with industry regulations. It’s also highly customizable, so you can tailor the platform to fit your unique workflow. And if you have a Microsoft 365 subscription, then SharePoint might already be part of your plan and you can start using it right away. 

    At the end of the day, it’s important to choose a document storage solution that meets your RIA firm’s needs. All of the options presented here have their own strengths and weaknesses, so take the time to evaluate them and decide which one will work best for you.

    Still can’t decide? Send us a message and we’ll be glad to help you out.

  • How to keep your RIA firm’s data safe from disgruntled employees

    In recent years, plenty of high-profile data breaches have made the headlines, from the Snowden Leaks to the 2022 Cash App data breach. Many of these breaches were carried out by former employees who had access to sensitive data and decided to misuse their privileges.

    As a registered investment advisor (RIA), you have a wealth of client data at your fingertips, and it is your duty to keep this data safe from unauthorized access. It’s therefore essential that you have measures in place to prevent your RIA firm’s data from falling into the wrong hands — and that starts with protecting it from disgruntled employees.

    Why do employees steal data?

    There are a number of reasons why your employees might steal your firm’s data. For one, they may simply be curious about what information your firm has and decide to look through it without permission. On the other hand, they may be angry or upset about a recent firing or demotion, or they may be planning to leave the firm and share your clients’ data with their new company.

    Employees may also steal data in an attempt to blackmail your firm. For instance, they may threaten to release sensitive client information unless you meet their financial demands. They may also try to sell intellectual or proprietary data to third parties, such as competitors or identity thieves, to make a quick buck. However, employees may also be coerced or tricked by outsiders into stealing data, such as if they receive a phishing email that sets them up to reveal login credentials.

    Whatever the reason, data theft can have devastating consequences for your firm. Not only could it lead to hefty fines from regulators, but it could also damage your firm’s reputation and result in the loss of clients.

    How can you protect your RIA firm’s data from insider threats?

    Employees with malicious intent are a major security threat to any organization, but there are measures you can take to protect your firm’s data from them.

    The foremost defense against data theft is restricting employee access to sensitive data. If an employee doesn’t need certain data to do their work, don’t give them access to it. You should also carefully monitor employee access to data and flag any unusual activity. For instance, if an employee who normally doesn’t have access to client data repeatedly tries to view it, that could be a sign that they’re up to something. Regularly review access permissions to make sure they’re still appropriate and revoke access for any employees who no longer need it.
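The "flag unusual activity" check above, written out as an added example (not code from the RIA WorkSpace post): it reports users who repeatedly receive "access denied" on client-data paths within a short window. The audit lines are constructed, and the column names, the `\Clients\` path and the thresholds are assumptions to be mapped onto your own file-server, SharePoint or SIEM export.

```powershell
# Added example: find users with a burst of denied reads against client data.
# The CSV below is constructed test data; field names are assumptions, not a
# product schema.
$auditExport = @'
Time,User,Action,Path,Result
2024-03-04T09:01:12,jsmith,Read,\\fs01\Clients\Acme\Statement.pdf,Denied
2024-03-04T09:01:40,jsmith,Read,\\fs01\Clients\Acme\Plan.docx,Denied
2024-03-04T09:03:05,jsmith,Read,\\fs01\Clients\Baker\Taxes.xlsx,Denied
2024-03-04T09:04:51,jsmith,List,\\fs01\Clients\,Denied
2024-03-04T09:10:00,alee,Read,\\fs01\Clients\Acme\Statement.pdf,Allowed
2024-03-04T09:12:30,alee,Write,\\fs01\Clients\Acme\Plan.docx,Allowed
2024-03-04T10:00:00,bpatel,Read,\\fs01\Clients\Baker\Taxes.xlsx,Denied
2024-03-04T10:30:00,mgarcia,Read,\\fs01\Marketing\Brochure.pdf,Denied
2024-03-04T10:31:00,mgarcia,Read,\\fs01\Marketing\Logo.png,Denied
2024-03-04T10:32:00,mgarcia,Read,\\fs01\Marketing\Deck.pptx,Denied
'@

function Find-RepeatedDeniedAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [string] $SensitivePathPattern = '\\Clients\\', # assumed client-data location (regex)
        [int]    $Threshold = 3,                         # denials needed before alerting
        [int]    $WindowMinutes = 60                     # ...all within this many minutes
    )

    $Events |
        Where-Object { $_.Result -eq 'Denied' -and $_.Path -match $SensitivePathPattern } |
        Group-Object -Property User |
        ForEach-Object {
            $times = @($_.Group | ForEach-Object { [datetime]$_.Time } | Sort-Object)

            # Sliding window: alert only if $Threshold consecutive denials fall
            # inside $WindowMinutes. A single denial (a mistyped path) is noise;
            # a burst against client folders is the pattern worth reviewing.
            $burst = $false
            for ($i = 0; $i + $Threshold - 1 -lt $times.Count; $i++) {
                if (($times[$i + $Threshold - 1] - $times[$i]).TotalMinutes -le $WindowMinutes) {
                    $burst = $true
                    break
                }
            }

            if ($burst) {
                [pscustomobject]@{
                    User      = $_.Name
                    Denials   = $times.Count
                    FirstSeen = $times[0]
                    LastSeen  = $times[-1]
                    Paths     = ($_.Group.Path | Sort-Object -Unique) -join '; '
                }
            }
        }
}

$events = $auditExport | ConvertFrom-Csv
Find-RepeatedDeniedAccess -Events $events | Format-Table -AutoSize
```

With the constructed data only jsmith is reported (four denials on client folders in four minutes); alee's accesses were allowed, bpatel had a single denial, and mgarcia's denials were outside the client-data path. Tune the path pattern and thresholds to your own permissions model before relying on the output.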

    In addition, you should encrypt all sensitive data, both at rest and in transit. That way, even if an employee does manage to steal data, it will be unusable without the decryption key. Also, require employees to use strong passwords and enable multifactor authentication whenever possible to further secure their accounts.

    Finally, consider using Microsoft Intune to prevent data leakage. Intune is a cloud solution that helps you secure and manage all mobile devices, desktop computers, and virtual endpoints connected to your network, whether these are company-owned or personal devices. 

    With Intune, you can create app protection policies that control how data can be accessed and used within specific apps. For example, you can prevent employees from copying, printing, or screenshotting data from Excel spreadsheets or accessing data when they’re connected to an unsecured Wi-Fi network. You can also remotely wipe data from a lost or stolen device and block certain apps from being installed on company-owned devices.

    When setting up app protection policies, aim to strike a balance between security and usability. If the policies are too restrictive, employees will find ways to work around them or may simply refuse to use the protected apps. However, if the policies are too lax, they won’t be effective at preventing data leakage.

    To find the perfect balance, consider enlisting an IT partner that specializes in RIA security, like RIA WorkSpace. Our team of experts can help you assess your firm’s specific security needs and create custom app protection policies that will protect your data without impeding productivity.

    By taking proactive measures to prevent data theft, you can safeguard your firm against the potentially devastating consequences of a breach.

    For more information on how to protect your RIA firm from disgruntled employees and other security threats, get in touch with RIA WorkSpace today.

  • Online payment scams – SCAM OF THE MONTH

    Carlos was scrolling through his phone when an email notification popped up on the screen from a well-known online payment platform. He went to the email and saw that it was an invoice for a recent purchase.
    Since he had recently made a purchase through the platform, Carlos assumed this must be the invoice for that item. The seller’s name sounded familiar, and the amount seemed correct. Carlos clicked on the “View and Pay Invoice” button and made the payment.

    The next day, Carlos was checking his bank account and realized he had already paid for the item last week. He went back to the email from the day before and saw that it included a customer service phone number to call if the invoice was not correct. He called the number on the email to dispute the invoice and explain the situation.

    The person who answered the phone seemed helpful and told Carlos that he could reverse the transaction. All he needed to do was input the card number and details that the refund would be made to. Carlos provided his card information and left the conversation happy that the issue was resolved. Or so he thought.

    Did you spot the red flags?

    • Carlos did not confirm what the payment request was for. He assumed it was for a past purchase without double-checking the payment amount or seller name.
    • Carlos did not check the website that the “View and Pay Invoice” button led him to for signs of a fake website. He assumed it was the legitimate payment platform.
    • By calling the phone number on an email that he already knew was suspicious, Carlos put himself at even greater risk.

    What you should know about this scam

    Always confirm customer service numbers before calling. Avoid giving away credit card details to unconfirmed phone numbers.

    Keep track of your online purchases and payments. Always keep a record of payments and invoices in case any issues occur.

    Scammers are creating fake profiles on popular online payment platforms. They are even impersonating real people and businesses. Be cautious of unsolicited requests or messages from payment platforms.

  • Common quick-fix IT problems at RIA firms

    As a registered investment advisor (RIA), you rely on your computer systems to do your job effectively and efficiently. But what happens when something goes wrong? From printing problems to data syncing errors, day-to-day IT issues can throw a wrench into your workflow.

    We work mostly with RIAs with between 5 and 25 people, and when we start working with them, there are some common small issues that they’ve been struggling with. Below is a cheat sheet of the most common IT problems RIAs have told us they struggled with, and how to solve them. Bookmark this page for quick reference the next time you come across an IT issue.

    Printing

    Many printing issues can be resolved by restarting your printer or computer. Doing so will refresh your system and may clear up any software glitches that are causing printing problems. If that doesn’t work, try the following:

    • Make sure that your printer is turned on and connected to your computer. Check that the printer or Ethernet cables are plugged in securely or that the wireless connection is active.
    • Update or reinstall your printer driver. You can usually do this through your printer’s control panel or the manufacturer’s website.
    • Check the print queue. Documents may be stuck in the queue and need to be manually cleared before you can print again.
    • Restart the print spooler. This is a software service that manages the printing process. To restart it, open the Services control panel by typing “Services” in the Windows search bar and hitting Enter. Find Print Spooler in the list of services, right-click it, and select Stop in the menu. Wait for a few seconds as the service is terminated, and once it’s stopped, right-click Print Spooler again and select Start.

    Scanning

    Troubleshooting scanning problems is similar to troubleshooting printing problems. Often, resolving a scanner issue requires nothing more than restarting your scanner or computer. Checking that your scanner is properly connected and updating your scanner driver can also be helpful.

    If you’re still having trouble scanning a document, try the following:

    • Clean the scanner glass. Smudges or fingerprints on the glass can interfere with the scanning process.
    • Adjust the scan settings. Sometimes you need to change the resolution, color mode, or file format in order for the document to scan properly.
    • Verify that Windows Image Acquisition (WIA) is running. This is a software service that manages communication between scanners and computers. To check if it’s running, open the Services control panel and find Windows Image Acquisition. WIA is working correctly if its status is set to “Started” or “Running” and the Startup Type is “Automatic.”
    • If the status is “Disabled” or there is no displayed status, right-click Windows Image Acquisition. Click Properties > General, then select “Automatic” from the Startup Type menu and click Start.
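The Print Spooler restart (with the stuck-queue cleanup) and the WIA check from the two lists above, as an added PowerShell example rather than steps from the original post. It assumes the default spool folder under `%SystemRoot%\System32\spool\PRINTERS` and must be run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: the manual Services-console steps described above, scripted.

function Restart-PrintSpooler {
    [CmdletBinding()]
    param(
        # Also delete stuck jobs from the spool folder while the service is stopped.
        [switch] $ClearQueue
    )

    $spooler = Get-Service -Name Spooler
    if ($spooler.Status -ne 'Stopped') {
        Stop-Service -Name Spooler -Force
        $spooler.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
    }

    if ($ClearQueue) {
        # Queued jobs are stored as .SPL/.SHD file pairs; removing them while the
        # spooler is stopped is what "manually clearing the queue" amounts to.
        # Default location assumed; check DefaultSpoolDirectory in the registry
        # under HKLM:\SYSTEM\CurrentControlSet\Control\Print\Printers if customised.
        $spoolDir = Join-Path $env:SystemRoot 'System32\spool\PRINTERS'
        Get-ChildItem -Path $spoolDir -File -ErrorAction SilentlyContinue |
            Remove-Item -Force -ErrorAction SilentlyContinue
    }

    Start-Service -Name Spooler
    (Get-Service -Name Spooler).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
    Get-Service -Name Spooler | Select-Object Name, Status, StartType
}

function Repair-WiaService {
    [CmdletBinding()]
    param()

    # The Windows Image Acquisition service's internal name is stisvc.
    $wia = Get-Service -Name stisvc

    # Mirror the Properties > General fix: set Startup Type to Automatic if it
    # was disabled, then start the service if it is not already running.
    if ($wia.StartType -eq 'Disabled') {
        Set-Service -Name stisvc -StartupType Automatic
    }
    if ($wia.Status -ne 'Running') {
        Start-Service -Name stisvc
        $wia.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
    }

    Get-Service -Name stisvc | Select-Object Name, Status, StartType
}

Restart-PrintSpooler -ClearQueue
Repair-WiaService
```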

    Connecting to the internet with a VPN

    A virtual private network (VPN) is critical to securely connecting to the internet, especially when working remotely. If you can’t connect to your VPN, try the following:

    • Double-check your login credentials. Make sure you’re using the correct username and password, and that your password hasn’t expired.
    • Uninstall and reinstall your VPN client software. This will ensure that you have the latest version with all the necessary updates.
    • If you’re not using a Secure Sockets Layer VPN, check that your internet service provider is not blocking IP addresses associated with your VPN provider.
    • Reach out to your IT partner or managed IT services provider (MSP) to check if there are any changes that have been made or need to be made to your network firewall.

    Block an email

    By default, Office 365 quarantines phishing and other potentially malicious emails, holding them in a separate folder so that they can’t be delivered to your inbox. You have two options for dealing with these emails: block the sender or release the email from quarantine.

    To block an email, log in to the quarantine dashboard and select the message you want to block. Click the Block Sender button at the top of the message preview pane. The sender will be added to your Blocked Senders list, and future messages from that sender will be automatically quarantined.

    If you’re still receiving messages from a sender you’ve blocked, contact your IT partner or MSP. They can investigate and take additional steps to stop the messages from getting through.

    Release an email

    If you receive an email that’s been incorrectly quarantined, you can release it from the quarantine dashboard as well. Simply log in to the dashboard and select the message you want to release. Click the Release button and the message will be delivered to your inbox.

    If you find that a lot of emails are being quarantined, you may need to adjust your organization’s spam filtering settings. In this case, reach out to your IT partner or MSP.

    Giving access to a specific file or folder

    Sometimes you need to give another user access to a local file or folder on your computer, or a file or folder that’s stored in SharePoint.

    • Local file or folder: To give another user access to a local file or folder, you’ll need to add them as a member of the security group that has permissions to that file or folder. Your IT partner or MSP can help you with this.
    • SharePoint file or folder: Azure Active Directory Security Groups are used to control access to SharePoint sites. To give a user access to a specific file or folder in SharePoint, an administrator will need to add them to the appropriate security group. Reach out to your IT partner or MSP to get this done.

    Syncing data in SharePoint

    You may notice that the changes you make to files stored in SharePoint are not appearing on your local computer, or that changes made locally are not being reflected in SharePoint.

    The system will usually automatically provide you with instructions to resolve sync issues. For example, if a folder name contains unsupported characters, you’ll be given the option to rename it. Or, if a file cannot be saved for specific reasons, SharePoint will suggest possible solutions, such as overwriting the existing file, merging the changes, and creating another copy of the file.

    Related reading: Many RIAs fail to back up SharePoint. Change that with these tips

    If you’re still having trouble resolving these common IT issues, our experts at RIA WorkSpace are here to help. Contact us today to learn more about our services and how we can support your RIA firm.

  • IT Security for Smaller RIAs: Military to Financial Planner Podcast

    Our President David Kakish joined the Military to Financial Planner Podcast to discuss IT security priorities for smaller RIAs. He shares tips on the core security building blocks for an RIA just starting out. When you’re a firm with 5 or fewer employees, you need a base level of security not just to keep your data safe, but also for compliance. And you don’t have the big budgets of larger firms with dedicated security experts.

    It’s a common misconception that if you’re a smaller RIA, hackers aren’t interested in you. The truth is, as an RIA you have access to very valuable information about your clients. This is the kind of information hackers want. And if your security isn’t set up properly, you’re an easier target for them.

    David shares his priorities for:

    • Securing your web-based apps like your CRM or Portfolio Management tools
    • Keeping the data in your files and folders secure
    • Setting up email security because email is one of the main ways hackers get in
    • Securing all the devices that access your network (also known as endpoints)

    Check out the podcast

  • Podcast: Why your RIA should use Microsoft Authenticator instead of Text or SMS for Multi-Factor Authentication

    If your RIA is using text or SMS messages for your multi-factor authentication, you’re not using the most secure option. In this short podcast, we discuss why RIAs should move away from text and SMS and toward authenticator apps like Microsoft Authenticator. Hackers have the ability to intercept text messages, which means they can also get past the multi-factor authentication you have in place to access your apps and data.

    You can learn more about the growing risks of text and SMS messaging in our blog: 5 Reasons to move away from text message authentication for multi-factor authentication.


  • The best endpoint security for your RIA: Gartner’s top 6 solutions reviewed

    What is an endpoint? An endpoint is any device that connects to and can exchange information with your RIA’s network. It includes all the computers, phones, and tablets you might expect, but Internet of Things (IoT) devices like smart speakers or thermostats are also endpoints.

    The prevalence of remote and hybrid work has made endpoint security more important than ever because people are using devices outside the protection of the company’s network. RIAs need to be able to protect their data and devices from a variety of threats, and the best way to do so is to invest in a comprehensive endpoint security solution.

    Which endpoint security solution should your RIA firm use?

    The type of solution that you should use depends on a number of factors, including the size of your firm, the type of clients you serve, and your geographic location.

    However, if you’re like most RIA firms, then you probably already use Microsoft products and services, which makes Microsoft Defender for Endpoint a natural choice. It offers robust protection against a wide range of threats, integrates seamlessly with other Microsoft solutions, and is easy to use.

    Microsoft Defender for Endpoint also comes at no additional cost if you already have a Microsoft 365 E3 or E5 plan, making it an extremely economical option.

    At RIA WorkSpace we recommend Microsoft Defender for Endpoint to the firms we work with. It’s a powerful, flexible, and cost-effective endpoint security solution that can keep your RIA firm safe from the ever-growing number of cyberthreats.

    Industry leaders in endpoint security

    According to Gartner’s Magic Quadrant for Endpoint Protection Platforms, there are 18 technology providers that stand out in the market. These providers are divided into four categories or “quadrants:” Leaders, Challengers, Visionaries, and Niche Players.

    The Leaders quadrant is where you’ll find the cream of the crop when it comes to endpoint security solutions. These are the providers that offer the best combination of features and capabilities, and they’re also the ones that are constantly innovating and expanding their offerings.

    Let’s take a closer look at the six vendors that make up the Leaders quadrant and how their solutions can empower your registered investment advisory (RIA) firm to protect its data and devices.

    CrowdStrike

    CrowdStrike Falcon is a cloud-based security platform that offers a wide range of technologies to prevent all types of attacks. It includes an endpoint detection and response (EDR) product that’s powered by artificial intelligence (AI) and machine learning (ML), which makes it extremely effective at stopping even the most sophisticated attacks. It also has a file-based antivirus engine that’s light on resources and doesn’t affect system performance.

    What’s more, CrowdStrike’s acquisition of Preempt Security and Humio has allowed the tech provider to introduce additional features into the platform, namely, advanced firewall management and mobile device protection.

    McAfee

    McAfee’s Endpoint Security Suite comprises a number of security solutions, such as MVISION Endpoint, which defends cloud-native workloads, PCs, and servers as well as MVISION Mobile, which protects Android and iOS devices. The suite also includes MVISION EDR, which enables security teams to detect, investigate, and respond to security incidents.

    One unique feature of MVISION EDR is MVISION Insights, which is a technology that prioritizes threats before they strike, predicts if an organization’s countermeasures can stop them, and prescribes the best mitigation strategy.

    Microsoft

    Microsoft Defender for Endpoint is an integrated suite of endpoint protection platform (EPP), EDR, and threat hunting capabilities. It’s constantly updated with the latest security intelligence from Microsoft’s vast ecosystem, which gives it a leg up on other solutions in terms of threat detection.

    In 2020, Microsoft expanded its operating system coverage, introducing new macOS and Linux protection capabilities and additional coverage for Android and iOS devices. The tech giant has also developed enhancements in threat and vulnerability management and attack surface reduction.

    Related reading: How endpoint security and Microsoft 365 can help RIAs and financial advisors avoid a high RON (return on negligence)

    SentinelOne

    SentinelOne’s Singularity platform brings together the company’s EPP, EDR, and next-generation antivirus (NGAV) solutions into one offering. It features AI-driven automation for threat prevention and resolution as well as behavioral-based detection. The platform is also constantly updated with the latest security intelligence, so it can detect and prevent the most recent threats.

    In 2020, SentinelOne added new automated mitigation options to Singularity via the Storyline Active Response capability, making it even easier for security teams to investigate and resolve incidents. In addition, the company incorporated new Internet of Things (IoT) discovery and protection capabilities in its Ranger product, which is also a part of the Singularity platform.

    Sophos

    Sophos Central is a single management console for the company’s EPP, EDR, and mobile threat defense products. This unified platform offers better visibility and control for security teams, making detecting and responding to threats across all endpoint types easier. Sophos Central enables security teams to manage disk encryption, server protection, firewall, and email gateways, providing holistic protection against advanced malware and targeted attacks.

    Trend Micro

    Trend Micro’s Apex One platform offers a comprehensive range of capabilities, including enhanced automated detection and response, expanded investigative features, and centralized visibility. With a single add-on, organizations can expand the platform to include more sophisticated EDR capabilities that can link with other security tools in the company’s portfolio.

    What’s more, Trend Micro solutions work on all current and various legacy operating systems, making it a good choice for businesses with a heterogeneous environment. Trend Micro also offers on-premises, cloud, and hybrid management options, giving organizations the flexibility to choose the deployment model that best suits their needs.

    If you have any questions about Microsoft Defender for Endpoint or need help getting started, feel free to contact us. Our team of RIA security experts would be happy to assist you.

  • Charity scams – SCAM OF THE MONTH

    Hurricane season is in full swing and Samantha wants to donate to help the cities that have been hit the hardest. Samantha planned on researching charities before donating, but when she saw a well-known news anchor post a link on social media to a charity collecting donations, she decided to donate through the link. She even reposted it to her own page so that others could easily donate, too. 

    A few hours later she saw another post by the news anchor. Her heart sank as she read his alert that the previous post asking for donations was a scam. A cybercriminal had hacked his account. 

    The link had seemed legitimate, but Samantha later realized it was a misspelled version of the real charity website. Frustrated and feeling naïve, Samantha did not donate again and did not alert her followers that the original post was a scam.

    Did you spot the red flags?
    • Samantha abandoned her strategy of research for what was convenient. Cybercriminals often use links sent right to a user’s inbox or social media feed in order to catch them with their guard down.
    • After clicking on the link, Samantha did not check the website name for spelling errors or check if the details matched with those of the real charity.
    • Samantha reposted the link and did not take it down or alert her followers that it was a scam.

    What you should know about this scam

    Charity scams often take advantage of disaster relief fundraising. Unsolicited messages or emails asking for donations after hurricanes, earthquakes, or wildfires should be treated with caution. Always research and look at reviews before donating.

    For those affected directly by a storm, use references and research before hiring someone to repair the damage. Ask anyone you hire for a written contract and read it carefully. Do not pay in full before the work is done, especially if the payment method is cash.

    September often brings disasters such as hurricanes or other storms. Cybercriminals often take advantage of those who generously try to help. By researching, looking at charity ratings, and staying educated on the tactics used by scammers, it is still possible to give safely to trustworthy charities who truly do make a difference for those in need.

  • The RIA’s Complete Guide to phishing


    It’s likely you’ve heard of phishing and know it’s something you want to avoid. But do you know what it really means and exactly how a phishing attack works?

    In our experience, lots of people don’t know the specifics. And that’s OK. But the key to keeping your business protected from phishing attacks is to know exactly how they work and the red flags to look out for.

    This guide is here to do just that.

    WHAT EXACTLY IS PHISHING?

    It’s called ‘phishing’ because cyber criminals bait unsuspecting victims into ‘biting’, just like you’d lure a fish to a hook with a big juicy maggot.

    This virtual bait is usually in the form of an email. And when the victim gets hooked, their device and potentially their whole network can become infected with malware. Or the victim is enticed into giving away login credentials which can lead to data and even financial theft.

    Phishing isn’t just inconvenient. You should see how much time, expense and stress has to be invested in fixing the damage. Understand this: You want to avoid a phishing attack.

    Oh, and phishing doesn’t always come in the form of an email either. But more on that later.

    To help you understand just how BIG PHISHING ATTACKS have become, here are some scary stats…

    • Last year 83% of organizations reported experiencing phishing attacks – that’s up 28% from 2020.
    • It’s expected there will be an additional 6 billion attacks this year.
    • A third of phishing emails are opened.
    • Around 90% of data breaches occur as a result of phishing.
    • 1 in 99 emails is a phishing attack. 25% of these slip through the security filters in your Microsoft 365 inbox.
    • 60% of successful phishing attacks result in lost data.
    • 52% result in a compromise of login credentials.
    • 47% of phishing attacks lead to ransomware, where your data is encrypted and held hostage until you pay a ransom fee.

    WHAT DOES A PHISHING ATTACK LOOK LIKE?

    A phishing email will drop into your inbox like any normal email. Often, it’ll look like it’s been sent from a legitimate sender, so you don’t suspect anything is wrong. This is dangerous when it’s pretending to be from a popular company, like Amazon or PayPal. But in some cases, the attacker will have learnt information about you, such as the services you subscribe to, and the email becomes all the more believable – and riskier. At a glance, the email won’t look suspicious. Everything is as it’s supposed to be, so it’s likely you won’t question the contents…especially as it’s often an urgent request for you to act, which can be distracting in itself.

    This urgent request will work in different ways: It can ask you to open an attached file, perhaps asking you to confirm details of a recent purchase. By doing this, your device may become infected with malware. And if that device is connected to a network, it’s possible the malware could spread to other devices.

    Another common approach is to ask you to click a link. This might take you to a fake page (known as a spoof web page) pretending to be a service you really use… and when you log in, you have given your login details to the criminals.

    BUT A PHISHING ATTACK ISN’T ALWAYS AN EMAIL?

    Sadly, no. That would make things easier for those of us in defense.

    A phishing attack can take many different forms. These are some of the most common ones:

    1. Pop-up phishing: Clue’s in the name. This is phishing via a pop-up. It may say there’s a problem with your device’s security and ask you to click a button to download a file, or call a number to get it fixed.
    2. Vishing: Like a phishing attack but done over the phone. Someone will call and pretend to be a person or company you know, or a representative of them. They’ll ask you to take an action, such as giving them remote access to your device, or visiting a website.
    3. Spoofing: A website that’s created to look like the real thing, but isn’t. Once you log in, you’ve given away your credentials (spoofing can be used alongside other forms of phishing attacks too).
    4. Smishing: Like a phishing email, but over SMS straight to your phone.
    5. Domain spoofing: This is where you click a link that looks to be the genuine web address, except it’s been faked. Again, once you act on that site your details have been stolen or you have downloaded malware.
    6. Evil twin phishing: A fake Wi-Fi network is set up to look like the real deal. When you log in, the cyber criminal steals your data.
    7. Angler phishing: Social media posts which are created to encourage people to access an online account or click a link which downloads malware.


    Oh, and there are different forms of phishing emails to beware of too:

    1. Spear phishing: These are sent to specific people who have been researched to some degree, so that the information in the email is more relevant and therefore more believable.
    2. Man in the Middle attack: A cyber criminal jumps in the middle of an existing email thread and takes over the other side of the conversation. They already have your trust and can ask you to take a specific action.
    3. Whaling: These phishing emails target people in executive positions within a business, who are likely to have greater access to sensitive areas of the network.
    4. Clone phishing: Copies an email you’ve already received and adds a message such as ‘resending this…’ but includes a malware link for you to click.

    WHO’S AT RISK?

    Sorry to say it, but everyone in your business and especially you, as the boss (See whaling, above). It’s a real threat you need to take seriously.

    This isn’t something you can ignore as “it’ll never be targeted at us, we’re too small or obscure a business.”

    Cyber criminals use automated tools to target all businesses, all the time.

    You don’t read about small businesses being affected, as those stories don’t end up in the news.

    DO YOU HAVE EXAMPLES OF WELL-KNOWN PHISHING ATTACKS?

    Some of the biggest companies in the world have been fooled by phishing scams.

    Between 2013 and 2015, Facebook and Google were scammed out of $100 million when cyber criminals carried out an extended phishing campaign.

    They took advantage of the fact that both companies used the same Taiwanese vendor, Quanta. They sent a series of invoices pretending to be from Quanta, and both Facebook and Google paid. When the scam was discovered, it was taken to the US courts. The attacker was arrested and extradited from Lithuania, and Facebook and Google recovered just under half of what was stolen.

    In 2014, Sony Pictures became the victim of a phishing attack that wasn’t about money.

    The attackers were believed to have a connection to North Korea, and targeted Sony because of a movie it refused to withdraw that mocked Kim Jong Un. The cyber criminals used fake emails to steal huge amounts of information from Sony’s network. That included email conversations about staff members, scripts, and employees’ personal information. They even gained access to Sony’s offices by tricking their way in. Then they impersonated IT staff and installed malware on Sony’s systems. The attack ended up costing Sony around $35 million in IT repairs.

    HOW CAN WE STAY PROTECTED?

    As with most types of cybercrime, protection against phishing starts with education.

    Everyone in your entire business should have regular cyber security awareness training. And we really do mean everyone. Because if someone is using any device, they need to be aware of the risks and the red flags to look out for.

    This may relate to a phishing attempt, or it could relate to one of the other forms of cyber-attack or threats that businesses like yours face every day.

    When it comes to phishing attacks, there are a number of warning signs you and your team should be on the lookout for:

    • Misspelled words, websites, or email addresses
    • Oddly named attachments
    • Who the email is addressed to
    • Poor grammar and punctuation
    • An unusual layout to the email


    DO hover your cursor over the sender’s name in your emails, as well as any website addresses. This will show you the actual email address used, or the website you’re being directed to.

    DON’T log in to any of your accounts by following a link in an email. Go directly to the website that you always use and log in that way.

    DO check all emails to make sure they’re genuine. Even if they’re from close friends or colleagues.

    DON’T use the same passwords across different online accounts. Cybercriminals will often try your credentials on countless other sites once they’ve stolen them. Using different login details will keep your other accounts protected.

    DO use a password manager to make sure passwords are long and randomly generated, making them virtually impossible to guess.

    DO implement multi-factor authentication across applications (where you use a second device to prove it’s really you logging in).
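    The hover-and-check habit above (does the sender’s real address match the name shown? does the link go where its text says?) and the warning-sign list (oddly named attachments, urgent wording) can also be run as an automated screen before an email ever reaches a person. The script below is an added example written for this guide, not code from the original post or from any vendor; it uses only Python’s standard library. The sample message, the brand-to-domain table (BRAND_DOMAINS) and the keyword and extension lists are constructed assumptions for illustration, and every address and domain in the sample is a made-up placeholder.

```python
"""Screen a raw email for the phishing red flags described in the guide.

Added example, not the original post's code. All sample data is constructed.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a fake "PayPal" notice showing a display-name/address
# mismatch, a link whose visible text differs from its real target, an urgent
# subject line, and a double-extension attachment. Placeholders only.
SAMPLE_EMAIL = """\
From: "PayPal Billing" <billing@paypa1-secure.example>
To: advisor@ria.example
Subject: URGENT: confirm your recent purchase within 24 hours
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer, please confirm your purchase.</p>
<p><a href="http://login.paypa1-secure.example/verify">https://www.paypal.com/account</a></p>
</body></html>
--sep
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

aGVsbG8=
--sep--
""".encode()

# Assumed brand table: which domain a display name mentioning a brand should use.
BRAND_DOMAINS = {"paypal": "paypal.com", "amazon": "amazon.com", "microsoft": "microsoft.com"}
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|verify now)\b", re.I)
RISKY_EXT = re.compile(r"\.(exe|scr|js|vbs|bat|cmd|ps1|hta|iso|lnk)$", re.I)
DOUBLE_EXT = re.compile(r"\.\w{2,4}\.\w{2,4}$")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercase hostname of a URL (scheme added if missing), or '' if none."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def same_site(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def screen_email(raw: bytes) -> list:
    """Return human-readable red-flag findings for a raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = []

    # 1. Display name claims a brand the sender's address domain does not belong to.
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    for brand, domain in BRAND_DOMAINS.items():
        if brand in name.lower() and not same_site(sender_host, domain):
            flags.append(f"sender claims '{brand}' but address domain is {sender_host}")

    # 2. Urgency language in the subject, the "act now" pressure the guide describes.
    if URGENCY.search(msg.get("Subject", "")):
        flags.append("subject uses urgency language")

    # 3. Visible link text names one host while the real href goes elsewhere.
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                shown = host_of(text) if re.match(r"https?://|www\.", text) else ""
                if shown and not same_site(host_of(href), shown):
                    flags.append(f"link shows {shown} but goes to {host_of(href)}")

    # 4. Attachment names that are executable or hide a second extension.
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if RISKY_EXT.search(fname) or DOUBLE_EXT.search(fname):
            flags.append(f"suspicious attachment name: {fname}")
    return flags


if __name__ == "__main__":
    for finding in screen_email(SAMPLE_EMAIL):
        print("RED FLAG:", finding)
```

    Run it against an exported .eml file by reading the file as bytes and passing it to screen_email; an empty list means none of these four checks fired, which is a reason to relax only as far as the guide’s other advice allows, since a well-crafted spear-phishing email can pass all of them.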


    If you often deal with financial transactions over email, it’s a good idea to set up a dedicated email address that invoices should be sent to. If you don’t advertise the address, it’s far less likely that it will be targeted with phishing emails.

    You could also implement codewords with clients or suppliers if an email is regarding payments. If the email doesn’t contain the codeword, you know not to process the transaction. Don’t email these codewords out… phone your suppliers to tell them about the codeword scheme.

    Finally, make sure your policies accurately reflect your stance on financial transactions and the best way to handle them. For instance, you might decide that all transactions must be confirmed over the phone for security reasons.

    As you can see, there’s a lot more to phishing than you thought. Attacks are evolving all the time, so it’s important to take them seriously and protect your business as best you can.

    If you want more information, or you need help protecting your business, get in touch.