“It is the fool who thinks he cannot be fooled” Joey Skaggs.
A quick internet search for a definition of Phishing will return: “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”
To elaborate, the definition of a more targeted form of phishing, known as spear phishing, would be “the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.”
According to the Microsoft Security Intelligence Report (vol. 24), cybercriminals' use of ransomware as an attack method decreased in 2018, but the rate of phishing attacks continues to rise. Why is phishing still so popular among cybercriminals? Because it is still effective: phishing works by exploiting people’s innate instincts to be efficient at their job and to help colleagues out.
So what to do?
A well-thought-out approach to IT security should consider all three of the following aspects of the business: the people, the processes and the technology.
Train your staff
Ideally, any staff member receiving an email should get Security Awareness Training of some sort. This should be part of an ongoing process for maintaining staff skills in this area. Upskill – your org needs to keep up to date. The same advice you read in a blog or article here today will be read by cybercriminals trying to engineer the next phase of attacks. The cybersecurity landscape is ever-changing and you need to keep abreast of these changes if you want to ensure you do not fall victim.
Put a process in place
Put in place processes that prevent or minimise the potential for exploitation. If your CEO or manager needs to request a last-minute change of bank account to process a payment, what verification do you have in place? If properly designed processes are put in place, the risks can be mitigated without losing speed or efficacy.
Test Your People and Technology
There are many solutions available in the modern workplace to assist. It is possible to test your own staff with mock phishing campaigns. This allows targeted training for those who most need it. Any business that values its data and its customers' data needs to take a layered approach to mitigating cybersecurity risk.
Top 5 Tips to Avoid Phishing Attacks
- Trust your instincts: if something feels off, it may well be. Don’t be fearful of contacting the person via another means to confirm it is them.
- Check the sender’s email address: is it 100% right? Are there any dodgy characters in there? Is the domain the same as the sender’s company domain?
- Grammar, punctuation and spelling. If it’s off or incorrect, double-check with the sender. Again, feel free to check with them via a phone call as opposed to replying to the email. Most people will appreciate your vigilance when it comes to cybersecurity.
- Time pressure. If an email is sent to you requiring you to take action within a certain time period, do not click on those links without double-checking the information. Is it for a Netflix subscription? Log in to your Netflix separately and check for any issues.
- Sensitive information: password resets, account login information, PIN resets. Unless you have initiated the change, do not click on any links in this type of email.
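The second tip (is the sender's address 100% right, and is the domain really the company's domain?) is also a check that a mail filter or a reporting tool can run for staff. The Python below is an added example, not part of the original article; `check_sender`, the substitution table, the 0.9 similarity threshold and the `example.com` sample domain are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Visual substitutions often seen in lookalike domains (illustrative, not exhaustive).
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(domain):
    """Collapse visually similar character sequences to a single form."""
    for fake, real in HOMOGLYPHS:
        domain = domain.replace(fake, real)
    return domain


def check_sender(from_header, expected):
    """Compare a From: header with the domain the sender's company really uses.

    Returns a list of findings; an empty list means nothing looked wrong.
    """
    display, address = parseaddr(from_header)
    _, at, domain = address.rpartition("@")
    domain = domain.lower()
    if not at or not domain:
        return ["no parsable sender address"]
    findings = []
    if not domain.isascii() or any(p.startswith("xn--") for p in domain.split(".")):
        findings.append("domain uses non-ASCII or punycode characters")
    # Assumption: subdomains of the expected domain belong to the same company.
    if domain == expected or domain.endswith("." + expected):
        pass
    elif skeleton(domain) == skeleton(expected):
        findings.append(f"{domain} imitates {expected} by character substitution")
    elif SequenceMatcher(None, domain, expected).ratio() >= 0.9:
        findings.append(f"{domain} is a near miss of {expected}")
    elif expected in domain:
        findings.append(f"{expected} is embedded in unrelated domain {domain}")
    else:
        findings.append(f"{domain} is not the expected domain {expected}")
    # A display name that itself shows an address can hide the real one.
    if "@" in display and not display.lower().endswith("@" + domain):
        findings.append("display name shows a different address than the real sender")
    return findings


if __name__ == "__main__":
    # Constructed sample headers; example.com stands in for the real company domain.
    for header in ("Accounts <pay@example.com>", "Accounts <pay@examp1e.com>",
                   '"ceo@example.com" <ceo@example.com.billing.test>'):
        print(header, "->", check_sender(header, "example.com") or "ok")
```

A finding is a prompt to verify the sender through another channel, as the first tip advises, not proof of fraud.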