Phishing And Employees: What You Can Do To Protect Yourself

Every year, there’s an increasing number of security breaches. If you own a business, there’s even more at risk. You are responsible not only for your own virtual safety, but also for that of your team and of the company itself.

According to The United States National Security Alliance, 60% of small businesses that fall victim to an online attack are out of business within six months. The average cost to clean up a hack mess is $700,000.

With those numbers in mind, it’s easy to see how a simple hacking attempt like phishing can put a company out of business.

So, what is phishing exactly? Many people have heard of it—or been a victim of it—but don’t exactly know what it means. Phishing is a cybercrime tactic where hackers use fraudulent emails to trick people into clicking links that make it easy for their data to be compromised.

Generally, hackers are attempting to steal personal information, like credit card details, social security numbers, and addresses. These details make it easy for them to steal identities.

Are You Being Phished?

PhishMe’s Enterprise Phishing Resiliency and Defense Report found that in the last year alone, phishing attempts have grown by 65%. The most spoofed brands are Microsoft, PayPal, Facebook, Netflix, and Wells Fargo.

By now, you understand how popular hacking has become, and continues to be. If you’ve seen spam mail, then you’ve already been a direct target of phishing tactics without even realizing it. And according to statistics, spam is a huge issue today. In fact, it’s estimated that spam accounts for 45% of all emails sent daily.

And believe it or not, the United States has the largest amount of spam mail compared to other countries.

How Does Phishing Work?

Phishing is so effective because the fake emails you receive can be highly deceptive. The email is designed to trick you into believing the sender is a trustworthy company or individual, often one you know or are familiar with. The word itself—phishing—comes from the term fishing. The reason is clear: hackers are hoping recipients take the bait.

For example, you might receive an email from a brand you know well, prompting you to log into the site to, say, view a recent change in your account status. However, the link takes you to a fraudulent website that was designed to look just like a legitimate website. This might seem like a lot of work, but copying an existing website is fairly easy for hackers. Within an hour, a hacker could have a duplicate site set up to replicate that of a bank, or any other business, of their choosing.

Even for hackers with little to no experience, it’s easy for them to get up and running with a massive phishing scheme. Phishing kits make it easy for even the least technically-minded people to create spam emails that actually work.

A phishing kit bundles several tools that are downloaded onto a server, and once those tools are on the server, all the hacker has to do is send the email. These kits are available on the Dark Web, and even on surface web sites like Phishtank.

Using 3rd Party Cloud Data Centers to Defend Against Attacks

“For most businesses, adherence to computing regulatory standards (like HITECH) is simply a requirement for doing business in a global market. However, monitoring the day-to-day activities of data encryption and the storage of information for your business can be time consuming (and doesn’t come cheap),” says Flexential, an enterprise-level data storage company.

“Furthermore, IT security solutions, such as HIPAA compliant cloud storage, PCI compliant hosting, and many other data security services are needed to help you successfully navigate ever-changing regulations while also protecting your business from a growing number of sophisticated threats.”

Other Ways to Prevent Phishing

Here are some tips for keeping your personal and business emails safe:

  • Direct anyone you work with to send over any suspicious emails that make it into their primary inbox;
  • Send your staff phishing tests to routinely check whether your phishing training was effective, and whether your team can identify phishing emails when they come. Re-train those that fail;
  • Use two-step verification to create an additional layer of security in your company;
  • Always update your security software and conduct regular security health checks;
  • Secure your browsers to ensure that every website your team visits is an authorized, safe HTTPS website.


Phishing is no laughing matter. Home Depot, Target, and Walgreens all had massive data breaches over the past 5 years that resulted in tens of millions of customers’ data being exposed to criminals. All of them resulted from phishing emails sent to untrained (and ignorant) employees, coupled with a failing IT department incapable of detecting intrusions.

Protect yourself; it might just one day save your company.