Are your employees capable of recognizing a phishing attack? Before you answer that question with a smug “yes,” let’s look at the facts. According to the CEO of EveryCloud, the popular online security system, 94% of ransomware attacks start with a phishing email.
And, while you’re probably pretty confident that you could spot a phishing email, it’s harder than you think. Hackers use a variety of attack vectors. You probably know that you’ve got to be careful when it comes to emails from your bank.
But what if you get an email saying that there’s suspicious activity on your Netflix account and that they’ve changed your password as a precautionary measure? Your first thought is going to be that someone’s hacked your account. It seems harmless to click on the link; after all, how much info can they really get by having you sign in to Netflix?
Where’s the Harm?
Now, let’s ask another question: do you use different passwords for all the websites you subscribe to? If you’re like most people, you probably use the same password, or a variation of it, for all sites. You probably also use the same username or email address to log in. That’s convenient for you, but also dangerous: a password phished from a low-value account like Netflix then opens every other account that shares it.
As a rule, it’s good practice to use a unique password for any sites related to financial info. It’s also a good idea to use a unique password for logging into your business site.
Phishing Attacks Take Different Forms
Of course, not all phishing attacks are aimed at getting you to hand over your password. Phishers may also use these emails to:
Get you to divulge sensitive company or client information. They might pretend to be a trusted client asking for seemingly harmless information like a statement. Or maybe they’ll pretend to be a senior member of staff to get the information that they want.
They might also try to get you to transfer money. You’d pick that up straight away, right? Maybe, but maybe not. What if an email seems to come from a supplier, changing the bank account details for payments? Or one that appears to come from a senior executive authorizing a transfer?
The email itself might have malware embedded in it. Or the link may lead you to a site where malware can attack your computer. Either way, the hacker gets the same results – access to your system.
How to Protect Your Data
You need to mount a strong defense. The main reason these phishing emails succeed is that someone mistakenly clicks on the link. You can reduce the chances of that happening by:
Stop the phishing emails from getting through in the first place: Antivirus software alone is not enough – you should also use an email scanning program to filter out suspicious emails. These apps quarantine emails that look suspicious. Someone at the company can always check the quarantined items in case they’re legitimate, but you’ll stop a lot of attacks before they reach anyone’s inbox.
Train your staff: Security awareness training is not a luxury anymore – it’s essential. Regular updates will teach your staff what to look for and keep them more vigilant.
Encrypt your files and create regular backups: This helps to limit the damage if someone does hack your system.
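To make the “filter out suspicious emails” step concrete, here is an added example (not from the article or any product it mentions) of the kind of heuristic an email scanner applies to the Netflix lure described above: it quarantines a message when the display name borrows a brand the sender’s domain doesn’t own, when Reply-To points somewhere other than From, or when embedded links lead away from the sender’s domain. The brand list, the two-label domain rule and both sample messages are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brands the filter knows and the domain each really mails from.
# A real scanner uses a much larger list plus the Public Suffix List.
KNOWN_BRANDS = {"netflix": "netflix.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def site_of(host):
    """Crude registrable domain: the last two labels (toy rule, not the PSL)."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def brand_mismatch(text, site):
    """Brands named in text whose real domain is not the given site."""
    return [b for b, real in KNOWN_BRANDS.items() if b in text.lower() and site != real]

def scan(raw):
    """Return (quarantine, reasons) for one plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_site = site_of(from_addr.rpartition("@")[2])
    reasons = [f"display name claims {b} but sender is {from_site}"
               for b in brand_mismatch(display, from_site)]
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and site_of(reply_addr.rpartition("@")[2]) != from_site:
        reasons.append("Reply-To domain differs from From domain")
    body = msg.get_payload()  # plain-text body only in this toy
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if site_of(host) != from_site:
            reasons.append(f"link to {host} does not match sender {from_site}")
        reasons += [f"link host {host} impersonates {b}" for b in brand_mismatch(host, site_of(host))]
    return (bool(reasons), reasons)

# Constructed sample messages (not real mail).
PHISH = """From: "Netflix" <security@netflix-alerts.example>
Reply-To: help@mailer.example
Subject: Suspicious activity on your Netflix account

We changed your password as a precaution. Sign in to confirm:
http://netflix.account-check.example/login
"""
LEGIT = """From: Accounts <billing@supplier.example>
Subject: Statement for March

Your statement is available at https://portal.supplier.example/statement
"""
```

Running `scan(PHISH)` quarantines the lure with four reasons, while `scan(LEGIT)` passes the supplier statement whose link stays on the sender’s own domain; a reviewer releasing quarantined items would read those reasons before deciding.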
When it comes to preventing a data breach, a multi-pronged approach will serve you best. Use software to help you protect your data from an outright breach. Train your staff so that they recognize suspicious emails. Then take steps to ensure that the damage is limited if the system is breached. Take a lesson from the scouts and always be prepared.