Top 5 Ways To Avoid Phishing Emails

Five top ways to prevent phishing attacks

Cyber attacks are on the increase, and it is vital to protect yourself and your business against the rising security threats. For most companies, the employees are the weakest security link, leaving the company open to potential attacks and breaches. Over 90% of cyber attacks start with a phishing email, and recent studies suggest that the fastest growing security threat to businesses is no longer malware but impersonation email attacks.

Employees are often the weakest link in your security because of human error, and cyber attackers have learnt that it is easier to trick someone into revealing secure information such as logins and passwords than to exploit a secure system. The number of impersonation email attacks sent has increased by 50% quarter-over-quarter, while the number of emails carrying malware and harmful files has risen by 15%. This means your business is seven times more likely to be subject to an impersonation email attack than a malware attack.

The figures are staggering, yet there are still thousands of companies that are not doing everything they can to protect themselves against phishing emails. The most common type of phishing email is spear phishing: a highly targeted scam email that is sent to a business or individual. If the cybercriminal does enough research into an individual or business, spear phishing can be very effective, and research has shown that 97% of individuals can be tricked by a spear phishing email attack. Here are the top 5 ways to avoid phishing emails and protect your business.

Invest In Your Systems

One of the best ways to protect your business from phishing emails is to prevent them from getting through to your employees in the first place. There are many technological approaches to avoid phishing attacks, such as powerful filters and protection systems. Implementing a smart security system can help to identify phishing emails and block them from being received by your employees.

This is a great place to start when it comes to avoiding phishing emails, but even the best technology can’t detect every single phishing email. There will always be some that slip through the filters, so it is vital to have other precautions in place as well.

Educate Your Employees

As personnel are often the biggest downfall for a company’s security, it is essential that they are provided with appropriate training and knowledge to protect themselves against phishing emails. While many phishing emails are poorly written and easy to detect, there are often highly sophisticated attacks that are much more difficult to spot.

To properly protect your business against phishing emails, you should develop an effective security education programme to raise awareness among staff of the growing cyber threats.

Go Phishing

One very effective method to identify the weak links in your security and determine where further training is required is to send phishing emails to your employees. Craft an email based on the kind that your employees actually receive, then measure these four main metrics: clicking on the link, opening attachments, reporting the email and response time.

After the ‘attack’, discuss the results of the tests with your employees; it is usually best to keep results anonymous or break them down by department or team to avoid employees feeling like they are being individually called out. Your goal with this exercise should be to raise awareness and educate your employees, not to embarrass them.
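One way to turn the four metrics into department-level figures that can be shared without naming anyone, as an added example that is not part of the original article. The sample rows are constructed, and both the reading of response time as minutes from delivery until the employee reports the email and the minimum group size of 3 are assumptions.

```python
from statistics import median

# Constructed sample results from one simulated campaign (not real data).
# Row: (employee_id, department, clicked_link, opened_attachment, minutes_to_report)
SAMPLE_RESULTS = [
    ("e01", "Finance", True, False, None),   # None = never reported
    ("e02", "Finance", False, False, 4),
    ("e03", "Finance", True, True, 35),
    ("e04", "Finance", False, False, 12),
    ("e05", "Sales", True, False, None),
    ("e06", "Sales", False, False, None),
    ("e07", "Sales", False, True, 90),
    ("e08", "Sales", False, False, 6),
    ("e09", "Sales", True, False, 20),
    ("e10", "IT", False, False, 2),
]

MIN_GROUP_SIZE = 3  # assumption: smaller groups are only counted in the total


def _rates(rows):
    """Compute the four metrics for a list of (clicked, opened, minutes)."""
    n = len(rows)
    times = [t for _, _, t in rows if t is not None]
    return {
        "recipients": n,
        "click_rate": round(sum(c for c, _, _ in rows) / n, 2),
        "attachment_rate": round(sum(o for _, o, _ in rows) / n, 2),
        "report_rate": round(len(times) / n, 2),
        "median_minutes_to_report": median(times) if times else None,
    }


def summarise(results, min_group=MIN_GROUP_SIZE):
    """Aggregate by department; employee ids never reach the output."""
    groups = {}
    for _emp, dept, clicked, opened, minutes in results:
        groups.setdefault(dept, []).append((clicked, opened, minutes))
    summary = {"All staff": _rates([r for rows in groups.values() for r in rows])}
    for dept, rows in groups.items():
        # A very small department would identify individuals, so it is skipped here.
        if len(rows) >= min_group:
            summary[dept] = _rates(rows)
    return summary


if __name__ == "__main__":
    for dept, stats in summarise(SAMPLE_RESULTS).items():
        print(dept, stats)
```

Comparing the same figures across successive campaigns shows whether training is working: click and attachment rates should fall while the report rate rises and the time to report shrinks.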

Develop A Strict Protocol

Ensure you have a strict and well-thought-out protocol in place for phishing attacks. Encourage all employees to report all attacks or potential attacks immediately so that they can be dealt with effectively and quickly.

Make it clear that every employee can ask for help if they think they might have been a victim of a phishing email attack and be sure never to punish staff if they do get caught out; it will only discourage your employees from reporting the attacks in future. Once an attack has been reported, take steps to scan the affected devices for malware and change all passwords as soon as possible.

Review Your Digital Footprint

Cybercriminals will use information that is publicly available about your business and employees to make phishing emails more convincing. This information can be found on your website and social media accounts and is known as your digital footprint. Carefully consider what information is necessary for your website visitors and what could be used by potential attackers.

It is also vital to offer support and training to your employees on how to best manage their digital footprint; you should not expect them to remove themselves from the internet entirely but help them understand what information isn’t necessary to share.

Increase your phishing protection with Cyan Solutions

At Cyan Solutions we can develop robust IT security to reduce the risk and prevent cyber attacks. If you would like friendly advice on how to increase your IT security, talk to our experts now.

Cybercrime Is On The Increase

Businesses have been facing a growing threat from data breaches, ransomware and supply chain weaknesses in recent years. According to the annual report of the National Cyber Security Centre, the number of cyber-attacks on UK businesses increased in the last year and is only expected to continue to rise.

Cybercrime is a very real issue that businesses today must address and protect themselves against, especially with the newly introduced General Data Protection Regulation (GDPR) that took effect in May this year. IT infrastructures and systems are continuing to grow and evolve rapidly, and the more technology systems a company has, the more potential there is for a security breach.

Cybercriminals are continually finding new and innovative ways to hack IT systems, and to keep your business safe it is essential to stay one step ahead.

The growing cybercrime problem

Cybercrime among businesses is a growing issue, with almost half of UK firms being hit by a cyber breach or attack in the last 12 months. Organisations of all sizes are under threat from cybercriminals, with firms that hold personal data the most likely to be a target for cybercrime. These cyber-attacks can come in many shapes and sizes, and cybercriminals are getting more intelligent in carrying out these attacks subtly and quickly.

The most common types of attack from the last 12 months were fraudulent emails, closely followed by viruses and malware. In 2017, the Cyber Security Breaches Survey identified that nearly seven in ten large businesses experienced a security breach or attack during the year, and these attacks cost each firm an average of £20,000.

It is no secret that cybercriminals are targeting businesses across the UK on a daily basis, and this threat is continuing to grow. A serious security breach can not only be costly to a company but also have a significant impact on customer confidence, and many big brands have been hitting the headlines recently for being victims of massive data breaches. Dixons Carphone recently admitted a considerable data breach where 5.9 million customer bank cards and 1.2 million personal records were compromised, resulting in the most significant data breach ever in the UK.

GDPR and cybercrime

In May 2018, the new General Data Protection Regulation (GDPR) came into effect, in a bid to protect customers' personal data and give individuals more control over how and where their personal data is used and stored. The new regulation brings some drastic changes for businesses, as there is now a much higher level of responsibility for how customer data is stored and managed.

The main impact of GDPR on businesses in the UK is the vast fines that can be enforced should a data breach occur. Following a data breach, a firm can be fined either €20 million or 4 per cent of its global turnover, whichever is higher.

Compared with the previous fines, this is a considerable increase and could land a lot of small businesses in trouble should a data breach occur. In 2016 TalkTalk was fined £400,000 for a security breach that gave hackers access to its customers' data; today that fine would have been a huge £59 million under GDPR.

With the risk of fines that are large enough to put many companies out of business and the increase in security attacks on businesses in recent years, it is more important than ever to make sure your data and security are safe and protected.

How to protect your business from cybercrime

In this day and age, no matter what size your business is or what industry you operate in, someone will try to steal your data, use your systems to spread viruses or hold your computers for ransom. Smaller companies are often considered better targets for cybercrime, because cybercriminals expect them to have weaker security systems in place, and they probably have a point.

Smaller businesses often have less money to spend on protecting themselves than their larger counterparts, but cybersecurity is a vital investment. It can be a struggle to know where to start, especially if you aren’t an expert in IT. Technology systems are becoming increasingly complex, making protecting them from attackers ever more challenging.

Enlisting the help of an expert such as Cyan for your business's computer and data security needs is beneficial and well worth the extra money involved. A professional in the field of cybersecurity will be at the top of their game and the first to know about new viruses and issues, giving them the ability to stay one step ahead of the cybercriminals and implement security patches before a breach has the chance to occur.

It is also vital to remember that under GDPR you are responsible for how all your chosen suppliers and providers handle your customers' data. When employing third-party companies to run systems or software for you, be sure to understand exactly how they are working to protect themselves from cybercrime. You could have the best cybersecurity in the world, but if one of your external suppliers doesn’t keep the same standard, you can still be at risk of a cyber attack or data breach.