Data breaches have unfortunately become common occurrences in recent years. As cybercriminals get more sophisticated, new types of data breach scams are emerging that specifically target businesses across the UK. I need to be aware of these new scams to protect my company’s sensitive information.
Business Email Compromise (BEC) Scams
BEC scams involve cybercriminals gaining access to a company’s email system and monitoring communications. The scammers then use the stolen information to conduct targeted social engineering attacks.
For example, scammers may send fake invoices from what appears to be a supplier email address. Or they could pretend to be the CEO and urgently request sensitive data or wire transfers from employees. This results in companies unknowingly sending money or information to criminals.
According to the UK National Cyber Security Centre (NCSC), BEC scams have cost UK businesses over £800 million since 2016. Raising employee awareness and implementing email security tools can help defend against BEC scams.
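As an added illustration of the warning signs described above (example code, not from the original article), the following Python triage function flags an inbound message when its sender domain is a lookalike of a known supplier, when its Reply-To points to a different domain than its From, when an executive's name is used from outside the company's own domain, or when the subject carries urgent payment language. The domain names, executive name and sample headers are all constructed for the example.

```python
import re
from email.utils import parseaddr

OWN_DOMAIN = "yourfirm.example"   # constructed: the company's own mail domain
TRUSTED_DOMAINS = {"acme-supplies.co.uk", "example-payroll.com"}  # constructed suppliers
EXEC_NAMES = {"jane smith"}       # constructed: display names an impersonator might copy
URGENCY = re.compile(r"\b(urgent|wire transfer|bank details|immediately)\b", re.I)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value between two domains suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr: str) -> str:
    return parseaddr(addr)[1].rsplit("@", 1)[-1].lower()

def bec_indicators(headers: dict) -> list:
    """Return the reasons a message looks like BEC; an empty list means no flags."""
    reasons = []
    name, sender = parseaddr(headers.get("From", ""))
    from_dom = sender.rsplit("@", 1)[-1].lower()
    reply_to = headers.get("Reply-To", "")
    if reply_to and domain_of(reply_to) != from_dom:
        reasons.append(f"Reply-To domain {domain_of(reply_to)} differs from {from_dom}")
    known = TRUSTED_DOMAINS | {OWN_DOMAIN}
    if from_dom not in known:
        for trusted in known:
            if edit_distance(from_dom, trusted) <= 2:
                reasons.append(f"{from_dom} is a lookalike of {trusted}")
        if name.strip().lower() in EXEC_NAMES:
            reasons.append(f"executive name '{name}' used from external domain {from_dom}")
    if URGENCY.search(headers.get("Subject", "")):
        reasons.append("urgent payment language in subject")
    return reasons

# Constructed sample headers: two impersonation attempts and one genuine invoice.
SAMPLES = [
    {"From": "Accounts <invoices@acme-supp1ies.co.uk>", "Subject": "Invoice 4471: updated bank details"},
    {"From": "Jane Smith <jane.smith@webmail.example>", "Reply-To": "ceo-office@other.example", "Subject": "URGENT: wire transfer needed today"},
    {"From": "Accounts <invoices@acme-supplies.co.uk>", "Subject": "Invoice 4471"},
]

for msg in SAMPLES:
    print(msg["From"], "->", bec_indicators(msg) or "no BEC indicators")
```

A real deployment would feed this from the mail gateway and treat a non-empty result as a reason to hold the message for review rather than to block it outright.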
Ransomware Data Theft
Ransomware is malicious software that encrypts files on a device or network. The attackers then demand a ransom payment in exchange for restoring access to the data.
Some ransomware gangs, however, do not just encrypt data: they also steal copies of sensitive files and threaten to publish them online unless the ransom is paid. This exfiltration can cause serious reputational and financial damage, since restoring from backup recovers the files but does not undo the theft.
The despicable Conti ransomware group claimed over 400 UK victims in 2021. The UK Health Security Agency and other healthcare bodies temporarily shut down systems recently due to another ransomware threat.
Keeping offline backups, blocking suspicious email attachments, and segmenting networks all limit how far ransomware can spread and how much leverage the attackers gain.
Third Party Provider Breaches
Most companies use third party providers for services such as IT, payroll and marketing. If any of these vendors suffers a data breach, your company’s information can be compromised as well.
For example, the 2021 Accenture security breach impacted many of their customers globally due to interconnected IT systems. The 2020 Blackbaud breach leaked data of numerous universities and charities.
Conducting due diligence on providers’ security measures is essential. Giving third parties access only to segregated systems, rather than to your core network, also limits the impact if a provider is breached.
Secure Sites with HTTPS
Many companies still operate websites without HTTPS encryption. This leaves data that customers submit open to interception by anyone on the network path, a man-in-the-middle attack.
On a plain HTTP site an attacker in that position can read whatever visitors enter and can alter the page content, including injecting malware. Enabling HTTPS across all of your online domains should be a top priority to prevent data theft.
Let’s Encrypt offers free SSL/TLS certificates to enable HTTPS. While migrating sites, it is also important to return a permanent (301) redirect from every HTTP page to its HTTPS version, so that search engines index only the secure addresses and visitors following old links land on the secure site.
Avoid Phishing Lures
Phishing remains one of the top vectors for data breaches. Scammers craft convincing fake login pages, email attachments, and messages that trick employees into handing over their login credentials.
With stolen passwords, attackers can easily access and extract company information. Security awareness training combined with email security tools can help employees identify and avoid phishing lures.
Implementing multi-factor authentication (MFA) is also vital to stop a stolen password from turning into a data breach. MFA adds an extra layer of account protection beyond just usernames and passwords.
The Key is Vigilance
Cybercriminals are devising ingenious social engineering methods to steal company information. Remaining vigilant and training employees is crucial.
Following cybersecurity best practices around areas like email security, third party oversight, backups, and website encryption will help keep your firm’s sensitive data safe.
Being proactive about security will help ensure your business avoids becoming the next victim of these insidious new data breach scams targeting organizations across the UK.