The outbreak of the COVID-19 coronavirus and the subsequent lockdown have proven to be more problematic for various industries and businesses, and not just health-wise.
Though companies have stepped up social distancing measures to contain the virus by directing employees to work from home, these measures have, unfortunately, made some of them more vulnerable to virtual attacks. The ongoing pandemic has provided opportunities for cybercriminals to target your employees with a swell of phishing emails.
Some of these attacks are so devious that they claim to be from the Centers for Disease Control and Prevention (CDC) or other groups claiming to offer information on the virus. At the same time, the World Health Organization is warning people about cyber scammers sending fraudulent emails with malicious links.
Email: A level five cyberthreat
Despite the obvious benefits of email, it also comes with a significant disadvantage - questionable security. The FBI recently reported that cyberattacks on businesses have cost them over $12 billion in the last five years. Just in the past 12 months, around one-third of all companies have reported cybersecurity breaches.
There is a simple reason why cybercriminals attack companies via email, and that's because it gives them direct access to their weakest link - employees themselves. These cyber-attacks, called Business Email Compromise (BEC), have led to $26 billion in financial loss over the past three years, and they're still reaching inboxes.
To protect themselves from phishing attacks, organizations need to take six simple, yet effective, steps to improve their email security:
Multifactor authentication (MFA), also known as two-factor authentication, should be compulsory for email accounts and corporate applications. Why? Because it dramatically reduces the risk of Account Takeover (ATO) if an employee is successfully phished.
Anti-Phishing Training Program
By conducting regular anti-phishing training, companies can improve their employees' awareness levels and reduce their susceptibility to phishing.
Employees need to promptly and consistently report emails they believe may be malicious. This can be done with a click of a button or by monitoring their inboxes. Reporting provides vital information on what's getting through the existing defenses and what part of the defensive strategy should be readjusted.
Set-up and implement DMARC
Domain-Based Message Authentication Reporting and Conformance (DMARC) is an email authentication technology that ensures the “From” address that users see in their email is trustworthy. It ensures that emails are properly authenticated against established SPF and DKIM standards and that any fraudulent activity of your company's domains is blocked.
According to recent studies, 92% of malware is delivered via email. So, the best way to protect critical assets and reduce the risk of compromise is to layer email security. Look for both content and identity solutions to ensure maximum protection.
Audit your email ecosystem
Companies often use numerous cloud-based services for nearly any business or IT function. Most of those services can send emails on behalf of the company. But if those services are not being used, they can be hijacked and used for phishing attacks. The same applies to email servers. If they aren't being used, they should be turned off.
If your company is really serious about fighting off phishing threats, then it's necessary to update your protection software. Ensure that your entire organization is protected with an effective email security service provided by Anubis Networks.