Phishing emails contain links or attachments intended to steal information and distribute malware. The emails will pretend to be from a trusted source, such as a colleague or third-party partner. A popular form of malware is ransomware, which encrypts data on a device and then extorts money from victims in exchange for the decryption key.
The latest phishing emails are becoming harder to detect. Cybercriminals are getting better at creating phishing emails that are official-looking, personalized, and programmed to bypass detection software.
Plus, recipients receive numerous emails throughout the day. They are less likely to examine each email carefully and may quickly respond to requests to transfer funds, open attachments, or provide confidential data.
Both phishing and crypto ransomware are increasing at a rate of several hundred percent per quarter, a trend that Osterman Research believes will continue for at least the next 18-24 months.
What are the costs of phishing attacks?
- Stolen, leaked, or deleted confidential data
- Identity theft
- Lawsuits
- Violation of data protection regulations
- Ruined reputation
- The possible closing of the business
How do you protect yourself from phishing attacks?
- Take the threats seriously: Threats of a breach exist within communication systems, personal devices, and even users themselves. This threat to your business is an opportunity for cybercriminals to make a profit.
- Conduct regular cybersecurity training: Staff members are the first line of defense against phishing and malware campaigns. Periodic security awareness training can help your staff detect cyber threats through online training sessions, handouts, presentations, and mock attacks.
- Set up policies and procedures for technology use: Establish your policy for proper use of email, internet browsing, collaboration software, and social media.
- Use an anti-malware program on your devices: This type of software will detect and eliminate phishing and malware attempts. Make sure to install the software on personal devices that connect to your office network. We include malware scans in our month-to-month services.
- Run network vulnerability tests: SwiftTech can search for and repair security holes in your network. We include network scanning in our month-to-month services.
- Back up data regularly: We recommend backing up your data to an onsite device and a cloud service. If disaster strikes, SwiftTech will be able to minimize data loss by restoring from a good backup taken before the infection occurred. Without backups, you either lose your data or pay a ransom for it.
- Enforce permission-based access to data: Do not give employees access to network drives and programs that house confidential data if it is not relevant to their job duties.
- Watch where you click: Open email attachments and links only from trusted sources. If you get an attachment from a contact who typically does not send them, follow up with that contact.
- Do not overshare on social media: Cybercriminals can use the information you share on social media to create a more personalized phishing email.
- Report suspicious emails: If you spot a malicious email, report it in your spam filtering software.
SOURCES
Osterman Research, Inc. Best Practices for Dealing With Phishing and Ransomware. (2016, August). Retrieved from: https://dm-mailinglist.com/subscribe?f=6b1c24a7
McCall, J. 3 Ways To Keep Your Customers Ransomware-Free. (2016, July 13). Retrieved from: https://www.bsminfo.com/doc/ways-to-keep-your-customers-ransomware-free-0001?
Shuchami, N. How To Keep Your Customers Protected From Constantly Changing Ransomware. (2016, November 18). Retrieved from: https://www.bsminfo.com/doc/how-to-keep-your-customers-protected-from-constantly-changing-ransomware-0001?
Yarbrough, B. Email Is A Major Security Risk For Small Business. (2016, August 24). Retrieved from: https://www.bsminfo.com/doc/email-is-a-major-security-risk-for-small-business-0001?