Phishing schemes send duplicitous emails to businesses in an attempt to infect computers with malware. They’re successful when an employee clicks a suspect link/attachment, or gets tricked into giving up financial information.
When it comes to data security, phishing threats get less attention than more “active” malware attacks—And that’s too bad, because today’s phishing schemes are deadlier than ever.
They’re so good that even tech experts get fooled.
A successful phishing attack could cost your company anywhere from thousands to millions of dollars. Protect your business—Here are eight tactics to put in place.
Studies reveal that employees fall for phishing scams because they’re trained to always be “nice.” As a result, they comply with email requests from “clients” without any question. Experts advise taking a suspicious approach to all emails. If an email message “feels wrong, listen to your gut.” Train your employees to follow their instincts when it comes to suspect emails.
You should always carefully examine all email addresses and URLs. With phishing emails, they tend to be a bit “off.” The URL won’t match the directions given in the message, or it won’t be the real web address, rather a similar one. The same is true of email addresses, and company logos, watermarks, and signoffs. If you simply glance at this information, you may be fooled. If you take closer look, you’ll realize it’s a counterfeit. Train employees what to look for if they come across an unexpected email, and to always pay attention to the details.
Phishing scams can be very subtle. Advanced phishing attempts may take over email clients to send messages from what appear to be very reputable sources. This is why it’s essential to stop and think before taking action—especially when money or sensitive information is involved.
Train your employees to examine the message. Is it unusual? Is it unexpected given what they know about the project or client? If they get a message that says, “Wire $5,000 right away for patent rights or we will lose this market,” this should raise warning bells—Why didn’t this person make a call or explain this in person? Any emails that focus on a disaster or emergency like this should be immediately suspected.
Don’t recognize who the email is from? Then don’t do anything. This policy protects employees from phishing emails that get through your spam filters. If the email is from an address they don’t recognize, they should ignore the message. If necessary, they should forward it to the appropriate account manager and ask if it’s legitimate. It’s always worth taking a little extra time to confirm messages, rather than falling for a phishing scheme.
It’s amazing how many people don’t do this, even with extraordinary requests. Successful phishing emails depend on you not calling the sender and asking what’s going on. Calling the sender can destroy the most careful phishing attempts. (At the highest level, phishing may include fake phone numbers or rerouting, but this is quite rare.)
To get around this, phishers may include a message that says, “I will be out of the office today, but this request requires your immediate attention. Please don’t try to contact me, just download/click link/send money/ or (do some other stupid thing).” If you see a message like this, the first thing you and your employees should do is pick up the phone and call, especially when important data is involved.
Phishing schemes vary between industries (based on how much money can be conned out of particular businesses). Research the phishing schemes trending in your industry, and what warning signs to look for. A variety of services offer intelligence reports for this very purpose. You can also visit security zines and forums that focus on your industry. These are typically updated with the latest cyberattacks.
Eventually, companies reach a size where trusting employees to avoid phishing attacks becomes very difficult. It’s important to use strong firewalls and updated security filters to block access to any dangerous or illegitimate sites (the same goes for downloads, etc.). This is essential to mitigate damage once phishing emails are opened. Phishing scams can’t hurt your business if they can’t upload malware.
Email authentication standards are improving all the time. They provide an excellent way for companies to stop spoofing attempts both to and from your organization. Basically, it authenticates senders and makes sure that an email really did come from that sender. This tactic also makes it more difficult to spoof emails from your company. The current standard is DMARC (Domain-based Message Authentication, Report and Conformance). So, if your business is a target of phishing scams, look into adopting this standard for added protection.
An issue worth noting is that DMARC is relatively new and underused. It may not be compatible with all software and services. So, this is the time for a serious consultation with your IT experts to discuss implementing authentication. The process is highly effective, and worth your time.
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).
The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.
We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.
We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.
“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”