The Danger of Phishing in Business: Email and Web

Businesses are responding to the latest vulnerabilities in their email and website security by investing in employee training. Even so, businesses continue to fall victim to phishing emails through poor judgment by employees who have not been trained to recognise these malicious emails. In fact, phishing emails and poor website security are among the biggest sources of cyber attacks.

According to a recent survey conducted by Mimecast on ransomware preparedness, “human risk is now the biggest cybersecurity challenge for organizations, overtaking technology vulnerabilities.”

The cost of a ransomware attack

Ransomware is a widely known and costly problem. However, this doesn’t consider additional expenses such as downtime, removal of the ransomware, lost opportunities and people time.

Businesses heavily rely on their emails as a means of communication between clients and employees. It is where workflow is managed, and clients are tended to.

Downtime as a consequence of a ransomware attack could cost you opportunities and put a strain on trusted relationships with your client base if their data were to be compromised. It doesn’t help that these phishing attacks are becoming more sophisticated and difficult to identify. Many cyber attackers will imitate people that you know or are familiar with, such as a colleague or boss.

The golden rule is not to open any emails or attachments, or click on any links, sent by a user that you do not recognise or did not expect an email from, or that look suspicious. There is often a “tell” when you receive a phishing email, such as:

- Poor grammar
- Unfamiliar tone
- Sense of urgency, e.g. “enter your account details using this link” or “send this document, or else!”

Email and website security

It was reported that website security was recognised as the most crucial technology in helping to prevent ransomware attacks. This refers to the implementation of firewalls, access controls and antivirus software on your devices.

All this combined will help to identify any suspicious emails or attachments being sent to your inbox. Antivirus software is particularly good at recognising and blocking potential cyber threat links or web pages.

It is also good practice to have an email filtering tool active that will block any unwanted or potentially malicious code or links which could compromise your device. These tools will specifically flag any content that appears to be spam or phishing.

Employee Training

As we covered, human error is a major cause of breaches, so basic cyber security training for your employees is crucial!

There are four main types of phishing:

- CEO Fraud: Cyber criminals impersonate the CEO of the company, creating an email that is intended to look like it has been sent from the CEO to a new or lower-level employee.
- Domain Spoofing: This is a type of phishing attack where the cyber criminal creates emails and websites which look like they belong to a legitimate company. The website will normally feature a URL that is very close to that of the company being impersonated.
- Whaling: This is the opposite of CEO fraud. Instead, higher-ranked employees such as managers or executives are targeted using highly personalised emails. They can often feature false employee names and job positions.
- Spear Phishing: These types of emails are designed for specific individuals using enticing subject lines and content.
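An email filter can catch the near-match addresses described under Domain Spoofing by comparing each sender domain with the organisation's real domains. The sketch below is an added example, not code from the original post; the trusted list, substitution table and distance threshold are assumptions, and the sample senders are constructed.

```python
# Added example: flag sender domains that resemble, but do not match, a trusted domain.
TRUSTED = {"example.com"}  # assumption: the organisation's real domain(s)

# Assumption: a small table of character swaps commonly used in look-alike names.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Normalise look-alike characters so 'examp1e.com' compares equal to 'example.com'."""
    d = domain.lower().rstrip(".").translate(CONFUSABLES)
    for seq, repl in (("rn", "m"), ("vv", "w")):
        d = d.replace(seq, repl)
    return d

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched_trusted_domain) for a sender or link domain."""
    d = domain.lower().rstrip(".")
    if any(d == t or d.endswith("." + t) for t in trusted):
        return ("trusted", None)
    for t in sorted(trusted):
        # The real name embedded in someone else's domain, e.g. example.com.evil.net
        if t in d:
            return ("lookalike", t)
        # Typos and character swaps that leave the name almost unchanged
        if edit_distance(skeleton(d), skeleton(t)) <= max_distance:
            return ("lookalike", t)
    return ("unknown", None)

def sender_domain(address):
    """Extract the domain part of an email address."""
    return address.rsplit("@", 1)[-1]

if __name__ == "__main__":
    # Constructed sample senders
    for sender in ("ceo@example.com", "ceo@examp1e.com", "it@exarnple.com",
                   "hr@example.com.secure-login.net", "news@unrelated.org"):
        print(sender, classify(sender_domain(sender)))
```

A distance threshold of 2 suits longer names; for very short domains it will flag unrelated names, so lower it or require an exact skeleton match.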

The key to preventing as many phishing attacks as possible is training your employees. You need to make your employees aware of the potential threats, how they occur, what the risks are and how to deal with them.



Callum Steen-Vale