HELENA, Mont. — The Montana Secretary of State’s Office is reminding Montana businesses to be aware of and stay safe from potential cybersecurity threats.
Cyber attacks such as phishing, malware, and ransomware remain a growing threat for small businesses across the country. A recent release from the U.S. Small Business Administration stated the cost of cybercrimes was in the billions of dollars in 2020, according to the FBI’s Internet Crime Report.
The Cybersecurity & Infrastructure Security Agency (CISA) Shields Up! webpage is a resource to “help organizations understand more about the possibility of geopolitical threats to our cyberspace, including consolidating recent cybersecurity alerts, specific country threat information, and our recommendations on actions you should take to protect your organization.”
The CISA Shields Up! webpage also provides recommendations for corporate leaders and CEOs, as well as additional resources.
“Cyber attacks continue to affect Montana businesses, resulting in financial and infrastructure impacts,” said Montana Secretary of State Christi Jacobsen. “We want our Montana businesses to recognize these threats and know how to combat them so business continues to thrive in our state.”
Austin Lindsay, Information Security Officer with the Montana Secretary of State’s Office, reminded businesses and individuals that phishing emails are a common cybersecurity threat.
“It’s important to maintain an elevated sense of awareness to phishing emails,” said Lindsay. “Understanding and recognizing the common red flags can protect a business from experiencing a cyber attack.”
According to Lindsay, some common red flags to help identify phishing emails include:
- Unfamiliar Sender’s Address
- Attackers may attempt to spoof a legitimate email address. If you have received an email from a colleague using an abnormal email address, double check with your colleague by a different form of communication to confirm that they did send the email. Also, be cautious of email senders that you would not expect to receive an email from.
- Errors in the Sender’s Address
- Attackers may spoof legitimate email addresses by slightly changing the letters. Be sure there are no missing letters or slightly different spellings. When we read words, we tend to not read every letter. Take the time to double check the email address.
- Urgency Verbiage
- Phishing emails are often designed to give a sense of urgency. The attackers are hoping to incite panic to make you click on something quickly without taking the time to question the legitimacy.
- Links and Attachments
- Be cautious of any links or attachments sent through email. Malicious links and attachments are often the way for malware to be installed.
- Bogus/Mismatched URL Links
- You can easily detect this red flag by hovering your mouse over the link in the email. An address will appear. Does the address appear legitimate? Hackers may attempt to spoof a legitimate address by slightly changing the URL. Be cautious of any links that begin with http:// instead of https://. When in doubt, visit the legitimate site through a different means, such as a Google search, instead of clicking on the link.
- Ambiguous Greetings
- Sometimes a phishing email is sent to multiple people. Therefore, phishing emails can begin with ambiguous greetings such as “Hello.” Be cautious of emails that are not specifically directed towards you. However, this rule cannot identify all phishing attempts, because spear phishing is when the email is targeted directly towards you.
- Misspellings
- Phishing emails sometimes contain misspellings or strange grammar choices. This is an indicator that the email could have been written by a someone in a different country.
The Cybersecurity & Infrastructure Security Agency (CISA) also provides additional resources available to businesses. Those resources are available by clicking here. There are no cost services for businesses in the critical infrastructure sector.
The Montana Secretary of State’s Office also wants to remind Montana businesses about a deceptive mailing regarding a Certificate of Existence. The mailing is addressed to new businesses and is not associated with the Montana Secretary of State’s Office. An example of the mailing can be viewed by clicking here.