Phishing accounts for 90% of all data breaches. With an increase of 67% in the last 5 years alone and statistic shows that the average cost of a data breach is $3.86m, and the worst part is, it only takes one!
One of the many ways malware can infect business networks is by using email phishing. Which is where an employee gets an email they think is from a safe source (vendor, co-worker, or Boss) asking for sensitive information or financial assistance, and the end-user gives out that info as they are not aware the recipient is not the actual person the employee thought they were talking to.
To help protect your organization from such attacks, follow these steps:
- Add Layered Email Security- The attacker’s main objective is to be able to get into your system and steal sensitive data. Hackers gain access by sending fraudulent emails with the hope that you click on a hyperlink or attachment, which contains malware that can get ahold of important information, or render the device unusable unless a ransom is paid. Having an added layer of email security, that can detect and block such dangerous emails coming in would help prevent unwanted clicks.
- Be aware of social media or any channels you don’t own- Social media is a necessity for business. It's a way for businesses to communicate with their audience, update and promote new products, and gain new customers. It is also an entry for cybercriminals to create bogus pages under your brand and name and to solicit sensitive information from your customers and steal identity or financials. Creating and controlling your own online presence will bring awareness of such actions. It’s hard to detect or monitor bogus communication on digital channels that aren’t controlled, much less protected, by your traditional security infrastructure.
- Security Awareness Training for Employees- Training users to identify and report suspicious emails immediately will help prevent a catastrophe. Phishing simulations- fake email attacks launched by your security team is a good way to identify users most vulnerable to attack. Once you identify those users, you can reduce their risk through training, Tighter security controls, and Monitoring more closely for signs of account compromise.