Cybersecurity in 2023

MP phishing scam: What lessons can be learnt?

A sophisticated cyberattack that resulted in the emails of an MP being compromised has once again highlighted to businesses the importance of taking every step possible to remain secure online.

It has been reported that SNP MP Stewart McDonald fell victim to an email phishing scam that saw him unknowingly provide access to his private MP email account to a suspected hacking group.
According to news reports, the incident played out as follows:

  • Mr McDonald received an email to his MP private email account.
  • The email appeared to be from a member of his staff.
  • The message said there was a password-protected document attached.
  • Mr McDonald clicked on the document and this brought up a login page for the email account he was using.
  • He entered his password and this led to a blank page. Mr McDonald assumed this must be due to an issue with the attachment.
  • When he later asked the member of staff about the email with the attachment that wouldn’t open and they didn’t know anything about it, alarm bells began to ring.
Commenting on the news, Lionel Naidoo, MD, Dragon IS, said: “While the consequences of this particular scam have yet to be fully realised, it should act as a wake-up call for all businesses to review their own cybersecurity measures and procedures. For example, introducing multi-factor authentication for email accounts and other platforms is one way to quickly add a second layer of protection.

“Prevention will always be better than cure and that means ensuring IT systems are as secure as possible, while also providing regular training and education for employees.”

Research shows that cyberattacks on UK organisations surged by 77% in 2022, with the UK education sector alone seeing a 257% increase. Email phishing scams remain the most common type of attack. This includes email impersonation (also known as email spoofing), where an email is made to appear as though it comes from a different account, typically a colleague or a trusted organisation.
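The impersonation described above leaves traces in message headers that a mail gateway or a help-desk triage script can check: the visible From address, the envelope sender (Return-Path), any Reply-To, and the receiving server's SPF/DKIM/DMARC verdicts. The following is an added example, not code from the article or from Dragon IS; it parses three constructed messages with Python's standard `email` module and lists the indicators that fire. `INTERNAL_DOMAIN`, the `STAFF` directory and the sample messages are assumptions made for the example.

```python
# Added example (not from the article): flag messages whose visible "From"
# does not line up with the envelope sender, the Reply-To, the server's
# authentication verdicts, or the staff directory. All sample data is constructed.
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.org"  # assumption: the organisation's own mail domain
# Assumption: a directory of display names -> the address each person really sends from.
STAFF = {"jane smith": "jane.smith@example.org"}
# Authentication-Results outcomes that should never appear on genuine internal mail.
FAILING = {"fail", "softfail", "permerror", "temperror"}


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _auth_results(value: str) -> dict:
    """Extract method=result pairs (spf=pass, dkim=fail, ...) from an
    Authentication-Results header value."""
    return {m.lower(): r.lower()
            for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I)}


def spoof_indicators(raw: bytes) -> list:
    """Return the reasons a message looks like sender impersonation.
    An empty list means nothing fired; it does not prove the mail is genuine."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    display, from_addr = parseaddr(str(msg.get("From", "")))
    from_addr = from_addr.lower()
    from_dom = _domain(from_addr)
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    auth = _auth_results(str(msg.get("Authentication-Results", "")))

    reasons = []
    if return_path and _domain(return_path) != from_dom:
        reasons.append(f"envelope sender domain {_domain(return_path)!r} differs from From domain {from_dom!r}")
    if reply_to and _domain(reply_to) != from_dom:
        reasons.append(f"Reply-To domain {_domain(reply_to)!r} differs from From domain {from_dom!r}")
    if from_dom == INTERNAL_DOMAIN:
        # Mail claiming to be internal must have passed the server's own checks.
        for method in ("spf", "dkim", "dmarc"):
            if auth.get(method) in FAILING:
                reasons.append(f"{method} result is {auth[method]!r} for a message claiming {INTERNAL_DOMAIN}")
    # Display name of a known colleague attached to a different address (lookalike sender).
    expected = STAFF.get(display.strip().lower())
    if expected and expected != from_addr:
        reasons.append(f"display name {display!r} belongs to {expected!r} but the address is {from_addr!r}")
    return reasons


# Constructed sample messages (not real mail).
GENUINE = b"""Return-Path: <jane.smith@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org
From: Jane Smith <jane.smith@example.org>
To: mp@example.org
Subject: Briefing notes

See attached.
"""

SPOOFED = b"""Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
From: Jane Smith <jane.smith@example.org>
Reply-To: jane.smith@webmail-login.example.net
To: mp@example.org
Subject: Password-protected document

Please open the attached document.
"""

LOOKALIKE = b"""Return-Path: <jane.smith.example.org@freemail.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=freemail.example.com; dkim=pass header.d=freemail.example.com
From: Jane Smith <jane.smith.example.org@freemail.example.com>
To: mp@example.org
Subject: Document for you

Please log in to view the document.
"""

if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("spoofed", SPOOFED), ("lookalike", LOOKALIKE)):
        print(name, spoof_indicators(sample) or "no indicators")
```

The third sample matters most for the scenario in the article: it passes SPF and DKIM because the attacker controls the sending domain, so only the comparison against the staff directory catches it. Authentication results tell you whether the sending domain is genuine, not whether the person is.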
So, what can you do to lower the risk of you, your employees and your business becoming the victim of a successful cyberattack?
  1. Activate multi-factor authentication (MFA)

Introduce MFA for business email accounts and encourage staff to activate it on any other platforms they use that offer it. MFA requires more than just a username and password to gain access to an account. For example, you may also need to enter a unique code that is sent via text message.
  2. Use strong and unique passwords

Remind staff of the importance of using strong passwords and, where possible, update systems so that a weak password will not be accepted as an option. Despite the warnings, many people are still using weak passwords. According to a Google poll, over 52% of users also admit to reusing passwords and approximately 13% admit to using one password across all accounts.
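"Update systems so that a weak password will not be accepted" means enforcing the policy at the point where the password is set, not only reminding people. The following is an added example (not code from the article or from Dragon IS) of a server-side check that rejects short passwords, passwords that reduce to a known-bad word once trailing digits and common substitutions are stripped, and passwords built from the username or organisation name. The minimum length, the blocklist and `ORG_WORDS` are assumptions for the example; a real deployment would load a large breached-password list instead of the handful shown.

```python
# Added example (not from the article): refuse weak passwords at set-time.
import re

MIN_LENGTH = 12  # assumption: the policy's minimum length
# Constructed stand-in for a breached/common password list.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "welcome", "admin", "iloveyou"}
# Hypothetical words tied to the organisation that should not form a password.
ORG_WORDS = {"dragon", "parliament"}
# Common character substitutions, undone before the blocklist lookup.
_SUBSTITUTIONS = str.maketrans("@$01!3", "asoiie")


def _normalise(pw: str) -> str:
    """Lower-case, drop trailing digits/symbols, undo substitutions, so that
    'P@ssw0rd123!' is compared against the blocklist as 'password'."""
    base = re.sub(r"[\d\W_]+$", "", pw.lower())
    return base.translate(_SUBSTITUTIONS)


def password_problems(password: str, username: str = "") -> list:
    """Return every reason the password is unacceptable (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if _normalise(password) in COMMON_PASSWORDS:
        problems.append("is a common password once digits and substitutions are stripped")
    lowered = password.lower()
    if len(username) >= 3 and username.lower() in lowered:
        problems.append("contains the username")
    for word in ORG_WORDS:
        if word in lowered:
            problems.append(f"contains the organisation word {word!r}")
    if len(set(password)) <= 2:
        problems.append("uses only one or two distinct characters")
    return problems


def is_acceptable(password: str, username: str = "") -> bool:
    return not password_problems(password, username)


if __name__ == "__main__":
    for candidate in ("P@ssw0rd123!", "jsmith-summer-2024", "aaaaaaaaaaaa", "correct-horse-battery-staple"):
        print(f"{candidate!r}: {password_problems(candidate, username='jsmith') or 'accepted'}")
```

Length and a blocklist do more than a complexity rule: `P@ssw0rd123!` satisfies the usual "upper, lower, digit, symbol" checklist yet is rejected here, while a long passphrase with no symbols passes.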
  3. Provide regular cybersecurity awareness training

While cybersecurity measures can help lower the risk of a phishing email or other cyberattack getting through, you can never fully eliminate the risk. It is therefore vitally important that you make your employees aware of how to spot a phishing attempt and the actions they need to take if they receive an email, text, or call they are not sure is genuine.
  4. Carry out spot checks

To monitor how well your training and education is working, send out random test phishing emails regularly. Invest in further training for anyone who is shown to need it and keep the conversation going. Cybersecurity needs to be a core company function that everyone is aware of and working together to maintain.
  5. Get Cyber Essentials certified

Cyber Essentials is a government-backed scheme designed to help organisations of all sizes reduce the risk of a range of the most common cyberattacks. There are two levels of certification you can go for: Cyber Essentials, which shows you how to address those basics and prevent the most common attacks, and Cyber Essentials Plus, which also includes a hands-on technical verification.
In need of expert support?

Here at Dragon IS, we specialise in providing affordable cybersecurity solutions and managed IT support for growing businesses. For help and advice with any of the issues raised here, please contact us on 0330 363 0055 or email info@dragon-is.com.