Top 5 Ways To Avoid Phishing Emails

Five top ways to prevent phishing attacks

Cyber attacks are on the increase, and it is vital to protect yourself and your business against the rising security threats. For most companies, the employees are the weakest security link, leaving the company open to potential attacks and breaches. Over 90% of cyber attacks start with a phishing email, and recent studies suggest that the fastest growing security threat to businesses is no longer malware but impersonation email attacks.

Employees are often the weakest link in your security because of human error, and cyber attackers have learnt that it is easier to trick someone into revealing secure information, such as logins and passwords, than to exploit a secure system. The number of impersonation email attacks sent has increased by 50% quarter-over-quarter, compared with a 15% rise in malware and harmful files being sent. This means your business is seven times more likely to be subject to an impersonation email attack than a malware attack.

The figures are staggering, and even so there are thousands of companies out there who are not doing everything they can to protect themselves against phishing emails. The most common type of phishing email is spear phishing: a highly targeted scam email that is sent to a business or individual. If the cybercriminal does enough research into an individual or business, spear phishing can be very effective, and research has shown that 97% of individuals can be tricked by a spear phishing email attack. Here are the top 5 ways to avoid phishing emails and protect your business.

Invest In Your Systems

One of the best ways to protect your business from phishing emails is to prevent them from getting through to your employees in the first place. There are many technological approaches to avoid phishing attacks, such as powerful filters and protection systems. Implementing a smart security system can help to identify phishing emails and block them from being received by your employees.

This is a great place to start when it comes to avoiding phishing emails, but even the best technology can’t detect every single phishing email. There will always be some that slip through the filters, so it is vital to have other precautions in place as well.

Educate Your Employees

As personnel are often the biggest downfall for a company’s security, it is essential that they are provided with appropriate training and knowledge to protect themselves against phishing emails. While many phishing emails are poorly written and easy to detect, there are often highly sophisticated attacks that are much more difficult to spot.

To properly protect your business against phishing emails you should develop an effective security education programme to raise awareness among staff of the growing cyber threats.

Go Phishing

One very effective method to identify the weak links in your security and determine where further training is required is to send phishing emails to your employees. Craft an email based on the kind that your employees actually receive, and then measure these four main metrics: clicking on the link, opening attachments, reporting the email and response time.

After the ‘attack’, discuss the results of the tests with your employees; it is usually best to keep results anonymous or break them down by department or team to avoid employees feeling like they are being individually called out. Your goal with this exercise should be to raise awareness and educate your employees, not to embarrass them.
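An added example (not part of the original article) of scoring a simulated campaign on the four metrics above and publishing them by department only. The record layout, the department names, the reading of "response time" as minutes until the email was reported, and the minimum group size of 3 are assumptions; the sample results are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed results, one row per recipient of the simulated email.
# report_min: minutes from delivery until the employee reported it (None = never).
RESULTS = [
    {"dept": "Finance", "clicked": True,  "attachment": False, "report_min": None},
    {"dept": "Finance", "clicked": False, "attachment": False, "report_min": 4},
    {"dept": "Finance", "clicked": True,  "attachment": True,  "report_min": 35},
    {"dept": "Finance", "clicked": False, "attachment": False, "report_min": 12},
    {"dept": "Sales",   "clicked": True,  "attachment": True,  "report_min": None},
    {"dept": "Sales",   "clicked": False, "attachment": False, "report_min": None},
    {"dept": "Sales",   "clicked": True,  "attachment": False, "report_min": 50},
    {"dept": "Legal",   "clicked": True,  "attachment": False, "report_min": None},
    {"dept": "HR",      "clicked": False, "attachment": False, "report_min": 6},
    {"dept": "HR",      "clicked": False, "attachment": False, "report_min": 10},
]
MIN_GROUP = 3  # assumption: never publish figures for a group smaller than this


def _metrics(rows):
    """The four metrics for one group of recipients."""
    n = len(rows)
    times = [r["report_min"] for r in rows if r["report_min"] is not None]
    return {
        "recipients": n,
        "click_pct": round(100 * sum(r["clicked"] for r in rows) / n),
        "attachment_pct": round(100 * sum(r["attachment"] for r in rows) / n),
        "report_pct": round(100 * len(times) / n),
        "median_report_min": median(times) if times else None,
    }


def summarise(results, min_group=MIN_GROUP):
    """Per-department metrics; small teams are pooled, and dropped if still small."""
    by_dept = defaultdict(list)
    for row in results:
        by_dept[row["dept"]].append(row)
    pooled = defaultdict(list)
    for dept, rows in by_dept.items():
        pooled[dept if len(rows) >= min_group else "Other"].extend(rows)
    return {d: _metrics(rows) for d, rows in pooled.items() if len(rows) >= min_group}


if __name__ == "__main__":
    for dept, stats in summarise(RESULTS).items():
        print(dept, stats)
```

Legal (one person) and HR (two people) never appear by name: they are pooled into "Other", and a pooled group that is still below the threshold is left out altogether.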

Develop A Strict Protocol

Ensure you have a strict and well thought out protocol in place for phishing attacks. Encourage all employees to report all attacks or potential attacks immediately so that they can be dealt with effectively and quickly.

Make it clear that every employee can ask for help if they think they might have been a victim of a phishing email attack and be sure never to punish staff if they do get caught out; it will only discourage your employees from reporting the attacks in future. Once an attack has been reported, take steps to scan the affected devices for malware and change all passwords as soon as possible.

Review Your Digital Footprint

Cybercriminals will use information that is publicly available about your business and employees to make phishing emails more convincing. This information can be found on your website and social media accounts and is known as your digital footprint. Carefully consider what information is necessary for your website visitors and what could be used by potential attackers.

It is also vital to offer support and training to your employees on how to best manage their digital footprint; you should not expect them to remove themselves from the internet entirely but help them understand what information isn’t necessary to share.

Increase your phishing protection with Cyan Solutions

At Cyan Solutions we can develop robust IT security to reduce the risk and prevent cyber attacks. If you would like friendly advice on how to increase your IT security, talk to our experts now.

The Data Protection Law Is Changing: What Does Your Business Need To Do?

Coming into force on the 25th May 2018, the General Data Protection Regulation (GDPR) will mean businesses have to adhere to new rules for managing personal data set by the European Parliament and European Council.

GDPR will be binding and enforceable. With the threat of hefty fines for non-compliance, here is our simple guide to what your business needs to know and act on before this crucial deadline.

Why is GDPR important?

With cyber security threats increasing, there has been a growing focus on safeguarding personal information. GDPR is a strict privacy law that offers potentially worldwide benefits and peace of mind to individuals who share their data. By protecting data, you can protect your business from potential exploitation, attack or data breach, which can significantly damage your organisation and its reputation.

Does GDPR affect my business?

If your business processes personal data for any individuals who live within the EU, then your business must adhere to the regulation. Even if your business is based outside of the EU, if you have personal data for anyone within the EU, the regulation still applies. If you are in the UK, despite Brexit looming, it is likely that the UK will continue to maintain this regulation. So, it is best to act now to avoid potential fines from next year.

What personal data is applicable?

Personal data is considered to be any information that may identify a person. Direct and indirect data collection applies. Some of the information that’s subject to GDPR regulation includes:

  • A subject’s name
  • Email address
  • Social media posts
  • Bank details
  • Medical records
  • IP addresses
  • Mobile phone IDs
  • Genetic information
  • Biometric data
  • Fingerprints
  • DNA samples
  • GPs

In fact, anything that can physically, mentally, economically, genetically, physiologically, culturally or socially identify an individual must be considered.

Even if your business does not keep data, you may still be liable to follow GDPR regulations if you process information on behalf of another business, agency or individuals. You can find out more from the Information Commissioner’s Office.

How can my business comply with GDPR?

It is wise for businesses, individuals and agencies which fall into the category of data controllers or processors to have access to an appointed person who has data protection knowledge and understands what to do to comply with data protection law.

For larger organisations, GDPR may require you to have an appointed Data Protection Officer. For smaller teams, it may be beneficial for data protection to be a part-time role. Alternatively, it may be worth using a consultant with expert knowledge to help your organisation to achieve compliance and maintain good practice standards.

What measures can my business take to improve data protection?

There are many ways that businesses can increase their security measures which, in turn, will help them adhere to GDPR regulations. Considerations for your business and its security include:

  • How can you make document management more secure?
  • Is your user identification sufficient?
  • Is your data encrypted?
  • Can you improve data overwriting or automatic deletion processes?
  • How can you protect your business from malware?

With GDPR coming into force, now is a perfect time to consider the accuracy of the information you have, how accessible it is as well as the storage and retention policies.

What happens if my business does not comply with GDPR?

Should there be a data breach, or should your business be found to be non-compliant, the penalties are serious. A severe issue could lead to a fine of €20 million or 4% of your annual global turnover, whichever is greater. Fines can be less and will depend on the severity of the breach. What’s important is that this situation is not taken lightly, and investing in compliance could save your business in the future.

How can Cyan Solutions help?

With expertise in information technology, we can empower your business not only to understand the new GDPR regulation, but we can also enable your business to achieve and sustain compliance.

If you want to find out more about how we can help to support your business with GDPR compliance, get in touch for friendly, expert advice.

What even is a blockchain?

In recent months there has been a great deal of talk about the underlying technology of Bitcoin, blockchain, and its potential to be a huge disruptor. Its potential uses are said to be innumerable, with entrepreneurs and forward-thinkers from any and all sectors finding ways that it could be utilised in their area.

But what even is it?

Well, blockchain is almost like an extended and linked database. Many of us have heard of Bitcoins and cryptocurrency. Blockchain is basically a ledger of records grouped together as batches of data called blocks. These use cryptographic validation to link themselves together. Each of these blocks references and identifies the previous. This forms an unbroken chain. With us so far?

Probably not. To simplify it even more, blockchain is like a database that validates itself. What makes it different from other databases is that it exists in multiple locations at one time: it is said to be distributed across these locations, so that anybody can maintain a copy of it, meaning that nobody can tamper with the records.

Anyone accessing a blockchain, from anywhere within the chain, can see any and all previous transactions. When new transactions are added, they are added irreversibly, and so become previous transactions that remain on the chain permanently.
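The linking described above, as an added example that is not part of the original article: a toy ledger in which each block stores the SHA-256 hash of the previous block, plus a check that walks the chain. The block layout and function names are assumptions, the records are constructed, and no network or consensus mechanism is modelled.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumption: "previous hash" value used by the first block


def block_hash(index, prev, records):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    body = json.dumps({"index": index, "prev": prev, "records": records}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


def append_block(chain, records):
    """Append a block whose 'prev' field is the hash of the current last block."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    chain.append({"index": len(chain), "prev": prev, "records": records,
                  "hash": block_hash(len(chain), prev, records)})
    return chain


def first_bad_block(chain):
    """Index of the first block whose link or hash does not verify, else None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        if b["index"] != i or b["prev"] != prev or b["hash"] != block_hash(i, prev, b["records"]):
            return i
        prev = b["hash"]
    return None


def rewrite_from(chain, index, records):
    """Rebuild the chain with block `index` replaced and all later hashes redone."""
    forged = []
    for i, b in enumerate(chain):
        append_block(forged, records if i == index else list(b["records"]))
    return forged


if __name__ == "__main__":
    ledger = []
    for batch in (["alice pays bob 5"], ["bob pays carol 2"], ["carol pays dave 1"]):  # constructed
        append_block(ledger, batch)
    edited = [dict(b) for b in ledger]           # a copy with one record changed in place
    edited[1]["records"] = ["bob pays mallory 200"]
    print("in-place edit detected at block", first_bad_block(edited))
    forged = rewrite_from(ledger, 1, ["bob pays mallory 200"])
    print("full rewrite verifies on its own:", first_bad_block(forged) is None)
    print("but its head differs from other copies:", forged[-1]["hash"] != ledger[-1]["hash"])
```

An in-place edit breaks verification at the edited block. A complete rewrite verifies on its own and is caught only because its final hash differs from the one held in the other copies, which is why the distribution described above matters.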

A permanent, transparent database existing in multiple locations

If you are still with us, hopefully you will begin to see that a blockchain is effectively a tamper-proof, permanent, community-controlled and shared database. Another term for a blockchain is a multiple distributed ledger, or MDL – something which has been around since 1976. So why the change of term? Well, read on.

That’s where the Bitcoin bit comes in

Bitcoin simplified the traditional MDL into the blockchain that we see today – and that everybody is raving about. Bitcoin’s nature as a currency maintained by a community and owned by nobody made blockchain ideal. Through blockchain, Bitcoin was able to be labelled secure, permanent and always trackable.

Where and why would we use blockchains

Simply put, blockchains can be utilised in any instance and in any sector where trust is hard to establish. As a registry within a sector, a blockchain would provide complete and total clarity looking backward for regulators and auditors, simply because all data within it is immutable and permanent.

And it’s not just for the financial sector, either. Blockchains could be ideal as an audit trail for pretty much anything.

That’s what blockchain is.