It is hard to imagine doing any kind of business without using some kind of tech gear these days. It has become so common place, that most people’s handwriting would struggle to compete with a 6-year-olds because we are all so used to tapping on our keyboards or phone screens, rather than picking up a good old-fashioned pen. Being so tech-savvy, we are all pretty confident that we would never be tricked by any phishing scam, right? Well, much like fishing – it’s all about the bait! And at times, you will have probably been a victim of a phishing scam without even knowing it!
What is a phishing attack?
No, we are not talking about a fishing trip that ends in disaster! We are of course talking about cyber security breaches. Phishing is one of the main forms of social engineering attacks and is one of the most common security challenges that both individuals and companies face in keeping their information secure. Whether it’s getting access to passwords, credit cards, or other sensitive information, cyberhackers are using email, fake websites, social media profiles, phone calls, and any form of communication they can to steal valuable data. Businesses, of course, are a particularly worthwhile target with reports of phishing attacks costing organisations more than €3.21 million every year!
The current pandemic has most definitely not changed or slowed down the pace of malicious threat activities in the cyber world. In fact, with more of us now working from home and most organisations’ infrastructures shifting to the cloud, phishing emails remain rampant! The impact on companies is wide ranging, affecting not only their bottom lines but also major reputational damage due to potential losses in client and customer data.
What are various phishing techniques used by attackers?
Phishing attacks come in all shapes and sizes and often offer irresistible bait. These can include:
- Embedding a link in an email that redirects your employee or customer to an unsecure website that requests sensitive information.
- Using fake social media profiles and websites impersonating brands.
- Installing a Trojan via a malicious email attachment or ad which will allow the intruder to exploit loopholes and obtain sensitive information.
- Spoofing the sender address in an email to appear as a reputable source and request sensitive information. We’ve all had that email from an African Prince needing to temporarily transfer money to you and therefore asking for your account details!
- Posing as an employee/manager and send emails asking colleagues to pay an invoice to a reputable firm.
- Attempting to obtain company information over the phone by impersonating a known company vendor or IT department.
An organisation’s employees are often the primary target, the means to the attackers’ end of gaining access to company systems. Employees are the easier targets due to their susceptibility to various emotional and contextual triggers.
With 30% of phishing emails able to bypass default security measures and another 30% of them being opened by target users, what can you do to keep your company protected?
Our top tips to protect your organisation against phishing attacks
You’re in luck! Below we have outlined our top tips to protecting your company against phishing attacks:
- Educate, educate, educate – being the end-users for phishing emails, employees are a company’s last line of defence against a security attack. It is important to make sure that your employees understand the types of attacks they may face, the risks, and how to address them. Informed employees are key when protecting your company.
- Your passwords are the key to your kingdom – use password managers where possible. Ensure employees use password that are strong and unique.
- Continuously monitor – monitor domain names that include your brands, or typos of your brand(s), that are trying to mislead email recipients into believing they are receiving communication from you.
- Act fast – take immediate action against domain names linked to an MX record, showing that the domain may be used in an email address.
- Put up the barriers – make sure your company employs effective security barriers, including robust policies, antivirus solutions, web filters, encryption, spam filters, working from home protection etc.
- Protect your name – protect key brand names as registered trademarks to help you evidence your proprietary rights – this helps to take downs sites and suspend domains.
And last but not least….
- Think outside the box – research suggests that half of all cyberattacks in the business world now involve supply chains. From accidental or malicious activity by insiders within partner organisations, to external hacks by cybercriminals, make sure you have a clear picture of your supply chain, otherwise it will be very hard to establish any meaningful control over it.
You won’t reduce the threat level to zero, because there is always the possibility that there will be someone willing to do whatever it takes to break into your organisation. But by doing the basics well, monitoring the web and protecting you IP assets, you’re signalling that it’s going to take time and effort to break down your cyberwalls, and that would-be attackers are better off looking elsewhere for an easier target.
Your e-mail address will be used to send you communication messages and invitations to our events in accordance with our Privacy Notice. You can unsubscribe at any time.
© 2020 BRANDIT. All Rights Reserved. Privacy notice & Terms and Conditions