• Security
  • 22/10/2020
The way to protect your business from phishing attacks

Businesses like yours and ours get studied all the time by hacking groups preparing for a coordinated attack. I'm not a fan of fear mongering; this is simply the business landscape of the digital age. As hackers' tools and processes become more sophisticated with time, the security infrastructure of a company must follow suit, and an awareness of evolving changes is paramount.

Phishing is a common cyber-attack method in which someone tries to fool you into clicking on a link so that they can infiltrate your system with malware. It can also be a bid to access a device in order to steal sensitive information (e.g. passwords, usernames, PINs, credit card numbers) and access your online accounts. Any nightmare scenario you could imagine can become a reality via phishing.

Phishing is one of the most prevalent and successful modes of attack carried out by hackers, as it is easy to implement and not too costly. It is economical and very profitable for cyber criminals. Every staff member in your business must be able to recognise a phishing email baiting them on their computer screen.

Even enterprise organisations that consistently invest in security training to keep staff wise to the tricks still find that around 30% of people continue to be fooled into clicking links they shouldn't, no matter what the organisation does to safeguard its business. Statistically, some countries are consistently worse clickers than others, and some are consistently better.

All the training in the world can't prepare for tired, unfocused people thinking unclearly for whatever reason. They may have learnt otherwise, but an absent mind will often click on links it shouldn't.

A common phishing method is to send fake emails or instant messages that steer you to a bogus website appearing identical to the original. This attack is aimed at weak spots in the coding of web technologies, left behind by mistakes web developers have made. Super crafty!

It is critical to understand that email does not verify the sender or digitally tie a message to one. Email wasn't originally built with security at the forefront, so there is no attestation of who actually sent an email. If there were, this issue would diminish massively.

Emails can be forged with little effort to appear as if they've come from where you believe they have, and this happens very frequently. Encrypting emails could go some way to solving this, although encrypting and decrypting emails lacks appeal to the lethargic side of human nature, which may explain why it's not commonplace.
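As an added illustration (not code from this article or its author): because the From line is unverified text, one defensive check is to compare it with the other sender headers in the same message. The sample messages, placeholder domains and finding labels are constructed for this example, and a mismatch is a reason to look closer, not proof of phishing.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SUSPICIOUS = """\
Return-Path: <bounce@mailer.example.net>
From: "support@examplebank.example" <alerts@mailer.example.net>
Reply-To: help@examplebank-secure.example
Subject: Action required

Please confirm your account details.
"""

CONSISTENT = """\
Return-Path: <billing@supplier.example>
From: "Supplier Billing" <billing@supplier.example>
Subject: October invoice

Invoice attached.
"""

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_findings(raw):
    """List the ways a message's sender headers disagree with each other."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain(from_addr)
    if not from_dom:
        return ["no-usable-from-address"]
    findings = []
    # The display name is free text, and it is what most mail clients show.
    shown = domain(parseaddr(display)[1])
    if shown and shown != from_dom:
        findings.append("display-name-address-differs")
    # Replies or bounces routed to a different domain than the From address.
    for header, label in (("Reply-To", "reply-to-differs"),
                          ("Return-Path", "return-path-differs")):
        other = domain(parseaddr(msg.get(header, ""))[1])
        if other and other != from_dom:
            findings.append(label)
    return findings

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("consistent", CONSISTENT)):
        print(name, sender_findings(raw))
```

Legitimate bulk mail sometimes uses a different Return-Path domain, so treat these findings as triage signals alongside staff awareness rather than as a filter on their own.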

Phishing attacks are usually carried out in bulk by sending millions of emails instantly. Email addresses are often gathered via hacking websites due to people publicly disclosing their email on public forums.

Hackers often attempt to guess email addresses like "firstname_secondname@emailaddress.com". If you have one similar, you'll know the level of spam is almost impossible to wade through due to the amount you receive.

Many spam attacks are directed toward business emails, with specific attacks known as spear phishing. This is when a hacker or hacking group studies a business for a period of time and then coordinates an attack based on the information gathered in that research.

I hope this goes some way in helping you understand more about phishing attacks. If you feel the need for technical assistance, please get in touch and one of our engineers would be happy to assist you.
