It’s one of those ‘it will never happen to me’ things. Cyber attacks are events we read about in newspapers or on our social media feeds, events which befall high profile public figures or vast multinational organisations, events which — at any rate — can be prevented with the right software and a dose of common sense.
But this level of complacency is dangerous. The fact is, the risk posed by malicious emails is a significant one, and cannot always be guarded against simply by deploying an anti-virus or anti-malware solution.
A Wolf in Sheep’s Clothing
Phishing emails are hugely common — maybe much more common than you first realised. Most of these emails are amateurish affairs and poorly thought out scams which get mopped up quickly and safely by your email client’s spam filter.
However, some malicious emails are more sophisticated; sophisticated enough to slip under the radar and into your inbox — maybe even sophisticated enough to trick you into believing they are real. Statistics published by Barkly in 2016 showed that phishing attacks on businesses were on the increase and that a remarkable 30% of phishing emails end up opened. This is a minority, of course, but it is a fairly big minority — certainly big enough to put sensitive data at risk.
Don’t dismiss these wolves in sheep’s clothing out of complacence. Instead, understand and defeat them.
How Phishing Emails do their Damage
Phishing emails work in numerous different ways, and it is difficult to pin down key trends and characteristics to look out for. However, a common phishing scam involves an email received from a source which seems genuine — seemingly from a bank, for example, or from a company you have an account with.
The email suggests that your account may have been compromised and advises you to change your password. You don't think too much of it: you enter your old password and then a new one, and you click 'Reply'. The email was fraudulent, and the fraudsters now have your password. It can be as simple as that.
Protecting Your Data from Phishers
The Office of the Australian Information Commissioner provides several tips for keeping your organisation and its data safe from phishing attacks:
- Consider which data is most vulnerable and adequately secure it.
- Consider each piece of information: is it really necessary to hold this information?
- Build privacy protections into the design of your information handling practices.
- Carry out ongoing risk assessments regarding information vulnerability.
- Systematically destroy records which are no longer needed.
- Conduct searches for published company email addresses online.
- Hold training sessions for clients, partners, and employees.
- Make sure all software and systems are regularly updated.
- Deploy a reliable security solution which covers email clients.
- Adopt policies of vigilance and mindfulness about all online behaviour and email interaction.
- Simulate mock attacks to ensure awareness among employees and users.
Are you doing all you can to keep your business safe from phishing attacks? Try a free trial of Sophos Phish Threat from Productiv, a powerful phishing attack simulator which keeps you and your users several steps ahead of the attackers. The software uses data on recent phishing attacks to simulate some of the most up-to-the-minute security issues affecting today's businesses, and gives end users and internal team members the knowledge they need to protect themselves. It integrates directly with cyber security training to ensure a robust response to potential attacks. Don't get caught out: sign up today.