Fighting phishing attacks is a simple matter of having proper email security protection software and employee education. However, even though this seems straightforward, phishing attacks are still a plague on businesses today, especially for Small and Medium Businesses.
Research shows us that half of all small businesses experience cyber attacks. What’s more, and according to the research, it seems that over 70% of attacks have deliberately targeted small businesses.
A percentage of the affected businesses went bankrupt in the next six months, and in a few cases, the lack of security controls (that lead to the successful phishing) may have played some role. What is known is that the impact of a successful phishing attack is too great to ignore, and yet many companies don’t do enough to prevent against common phishing attacks.
It is crucial for every business to educate employees about Cybersecurity teach them on how these cyberattacks work and how they can protect themselves: testing them by simulating a phishing email or social engineering attack, develop policies and limited access to company sensitive data, coupled with advanced email protection software that helps mitigate the cybersecurity risks in your organization.
Employee Education and Phishing
Phishing remains one of the most successful attack vectors used by criminals due to its speed and sophistication targeting both regular people and businesses. According to Verizon’s Data Breach Investigations Report from 2019, 84% of social attacks are related to phishing.
Today, phishing is the most common threat vector on business and cybercriminals have become more sophisticated using techniques to fraudster employees. One of the attack types which is becoming increasingly prevalent is business email compromise (BEC) - a phishing scam. It's important to train them so they can understand how to protect themselves against this type of attacks.
Here’s what employees need to know about Phishing:
- Don’t provide any information, such as personal data, company information, account credentials, passwords, etc. by email or by clicking a link if you don’t know who is asking.
- Don’t open emails that you don’t know if the sender is legitimate, because hackers use real brand images and logos for people fall for scams.
- Don’t click on suspicious links or attachments in the emails before validating if the sender is legitimate.
- Pay attention to emails with subject lines that commonly use enticing or threatening language, because cybercriminals use these tactics to spread scams. For e.g. 'Your Credit Card Expired' you could provide any credit card number or your personal information.
- Pay attention to emails with grammatical issues, because phishers make some mistakes, and that indicates that the sender isn’t reputable.
- If you are suspicious, ask the sender for a confirmation on the email request, preferably by other means.
Your employees should know how to spot such phishing/BEC emails, but they should work as a team to protect the company and should know how to react and how to report within the company if they are a victim of these attacks.
The Importance of Email Security Software
Besides proper employee education, a company should strengthen its current email protection system, by choosing advanced email protection that effectively can protect from potential phishing and ransomware attacks.
In today’s sophisticated threat landscape hackers can bypass the traditional filtering methods, by maintaining a substantive amount of lookalike domains to perpetrate targeted phishing attacks.
It’s very important that the advanced email security software adds Phishing filters to the existing filters since they are to recognize and prevent receiving emails from suspicious sources.
With the phishing filters its possible to determine the following:
- “Lookalike” domains site addresses that look like very to the domain;
- Spoof “header from” email addresses it consists in the forgery of an email header so that the message appears to have originated from a legitimate source;
- Mismatch “reply-to” addresses with seemingly legitimate “header from” addresses.
The advanced email security platforms should provide several key filters and features to really protect your company against the latest email security threats: conventional spam filter, modern phishing filters, and automated malware analysis. Which means a complete email security solution to protect the business of all sizes against the more sophisticated threat landscape environment.