Hopefully you’ve already implemented two-factor authentication (2FA) on your email and other systems to secure your organisation’s data. If you have, you may think you’re fully protected, but recent hacker exploits show that even 2FA isn’t foolproof.
How do hackers get around 2FA?
Cyber-criminals send a phishing email that looks like a genuine site, but points to a URL (web site address) that directs the user to the real site but via the criminal’s server (known as a proxy server). The user logs in as usual and gets the genuine site. However, the username and password are captured by the criminals, who can also see and record other important technical information about this browsing session (known as a session cookie).
Using this information, they can recreate the cookie on their system, which then allows them to access the genuine site that believes it's still the victim accessing it. From that point on the criminals have full access to do what they want.
Why It Matters:
This demonstrates that even the best security measures can be undermined by human error. Social engineering targets employees, making them the last line of defence against cyberattacks.
What You Can Do:
- Watch the URLs: Encourage your team to manually type in URLs or use bookmarks instead of clicking on email links.
- Invest in User Education and Tools: Regular training on phishing awareness and simulated attacks can help your team stay vigilant. Additionally, consider using tools to provide continuous education and protection, keeping your employees alert to evolving threats.
- Don’t Rely on Technology Alone: Regularly update security protocols and ensure your team is equipped to identify and avoid social engineering attacks.
The Bottom Line
This isn’t just a theoretical risk. Vigilance is your best defence. It’s not just about having the right tools in place; it’s about empowering your people to recognise and respond to threats before they can do damage. By investing in comprehensive security awareness training and tools, you can help ensure that your team is ready to defend against the next attack.
If you’d like some free, impartial advice about making sure that your systems and your team is ready please book a no-obligation appointment or call us on 03300 886 116.