No doubt you’ve all seen the news articles about the security breach suffered by Waikato Hospital this week. When it first happened Simon said his bet was that it had come in via an email, and that seems to be the case (Check out this article from Stuff).
The reason we’re not surprised about this is that emails are one of the most common sources of cyber security breaches for individuals, and increasingly commonly, businesses as well. In this case they suspect an email attachment, but links in emails are also common. Emails requesting (sometimes forcefully) that you click here and login are an easy way for scammers to get hold of your login details. Email attachments can introduce all sorts of things to your computer – viruses, malware including software like keystroke loggers to steal your login details. The goal here is to steal or extort your money. The DHB has apparently received a ransom threat.
The trick here is that security systems are very good so what the scammers like to target is human error. When your data is in the Cloud and available to legitimate Users online, it’s very important that each User with login credentials (email and password) knows how to protect those credentials. Think of it like the physical keys to your business – that’s how sensitive these credentials are. We’re enthusiastically recommending that businesses in particular use 2-factor authentication. This is where your login credentials are supported by a code sent to your phone; when you go to login you have to enter a unique code to complete the login, which scammers will not have even if they managed to get hold of your credentials. Another key thing to remember is that real companies will not ask you to click on links in emails and enter login details, and they will only send you an attachment by email if you request that they do so (ie if you sign up for your bills to be sent via email).
We have an online safety course, a version each for both individuals and businesses, to increase knowledge about how to protect yourself and your business online. If you’re interested in improving cyber security please contact us. We will be more than happy to discuss.