When it comes to gaining access to a company’s data, a simple phishing email may be the most effective attack. Because they are easy to create, cybercriminals have used these emails to claim many victims over the years.
In fact, phishing emails have become such an issue that Homeland Security Chief Jeh Johnson calls them his team’s "biggest threat." In the past three years alone, cybercrime costs have quadrupled, and by 2019, it's estimated the costs will reach a staggering $2 trillion.
These costs alone paint a picture of just how damaging these attacks can be to your business. So how can you stop them? Keep reading to learn tips that will help your employees identify and "catch" a phish before it's too late.
Merriam-Webster defines phishing as, “a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly.” And because emails are so easy to send, a potential phish can reach thousands of recipients. These attacks are very effective, since many people can’t identify them at first glance. Phishing emails can look seemingly innocent at the surface but are actually far more nefarious.
Since phishing emails are spam, it’s always a good practice to have stringent spam filters that can filter out "spammy" senders. On top this, make sure your employees are also reporting instances of spam that pass through the filter.
To do this, have employees verify the integrity of the sender before complying with the email. Phishing emails will generally use a domain that looks like a legitimate domain (i.e. using gmai1 for gmail), but it’s actually slightly different.
Verifying the domain is essential to stopping a new type of phishing attack dubbed "CEO Fraud." With CEO Fraud, the attacker will pose as the CEO and ask a user for confidential materials such as login information or client social security numbers.
Always ensure you and your employees speak with your CEO in person before you follow these requests. For other phishing requests, make sure you are only sending data through secure communication (https). And be sure to verify all websites before you hand over your credentials.
Installing virus protection on your computer is a great way to stop many instances of phishing. For example, some phishing attacks may try to install software that will record a user’s keystrokes. From this, the hacker can likely find out usernames and passwords for that end user. But, these attacks can be contained by strong anti-virus software.
Software programs should be set up to scan all incoming files to help identify potential threats. On top of this, make sure they are scheduled for automatic updates. This will help keep the software’s library up to date on the latest pieces of malware.
While spam filters and virus protection are great prevention tools, nothing can help prevent phishing more than cyber security awareness training. Training employees is a great way to prevent issues in the first place. By teaching employees the warning signs to of a phishing email, you can help thwart these attacks before they spread. And with cybersecurity costs rising, the adage of "an ounce of prevention is better than a pound of cure" still holds truer than ever.
While many experts doubt the effectiveness of phish tests, there is no denying they have some benefits. Recently, The Atlantic sent out a phishing email to 5,000 of their employees. The email informed the employee they would receive a raise by replying to the email with a few forms of verification. What they found was that one-quarter of the recipients replied. And two-thirds of those who replied gave the requested information.
From this test, we can see the effectiveness of phishing emails but also where the company is vulnerable. When combined with training, phishing your employees can be an effective tactic. Showing real world examples better reinforces the concepts provided in training. And these tests can show employees what to check next time they are the recipient of a fraudulent email.
While phishing will always remain a threat to organizations, there are ways to mitigate your risks. Having programs in place to prevent employee exposure is a great first step. Combine that with cyber security awareness training, and you can reduce that risk even further.
In other words, use your employees as a "net" to catch these dangerous "phish." Do you have any tips for preventing phishing attacks? Be sure to let us know in the comments below.
We're sorry this resource is no longer available, we've redirected you to our Resource center.