How to Identify — and Halt — Phishing Emails
Phishing attacks are serious business and hackers are always finding new and innovative ways to launch them. This pattern of increasing sophistication has allowed them to continue to gain access to critical business information at an alarming rate.
In fact, the number of phishing attacks around the world rose dramatically in the second quarter of 2019 to top out at 129.9 million. These malicious incursions cost businesses more than $26 billion between 2016 and 2019 — and that number is on the rise.
Companies looking to protect themselves and their data should fully understand the nature of these attacks and what security measures are available to halt them.
What Are Phishing Emails and How to Identify Them
Tactics are always evolving, but there are some common elements that can help you and your employees identify malicious emails designed to extract sensitive information.
Typically, phishing emails look official and are received from a known or trusted entity such as a bank, social media site, or online store. They often contain language designed to trick you into clicking a link or downloading an attachment, such as:
- There have been suspicious log-ins or activity on your account
- There’s a problem with a payment or with the account itself
- You must confirm personal information
- You must click a link to make a payment
- You’re eligible for cash back or a refund
- You’ve got a coupon to use for free goods or services
- There is a (fake) invoice attached
However, if you look closer at the email, you may notice that it’s poorly written, the web or email addresses are misspelled or otherwise seem suspicious, the subject line is written to provoke fear, or there is a suspicious attachment.
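The warning signs above (misspelled sender or link addresses, fear-driven subject lines, suspicious attachments) can also be checked automatically. The following Python sketch is an added example, not part of the original article; the trusted domains, pressure words, risky extensions, and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: the trusted domains, wording and extension lists.
TRUSTED_DOMAINS = {"mybank.example", "shop.example"}
PRESSURE_WORDS = {"urgent", "suspended", "verify", "immediately", "refund"}
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".html", ".iso", ".docm")

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):  # trusted domain that `domain` nearly matches, else None
    near = [t for t in sorted(TRUSTED_DOMAINS) if 0 < edit_distance(domain, t) <= 2]
    return near[0] if near else None

def phishing_indicators(raw_email):
    """List the warning signs from the article found in one raw message."""
    msg = message_from_string(raw_email)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if (hit := lookalike_of(sender_domain)):
        findings.append(f"sender domain {sender_domain} imitates {hit}")
    pressure = PRESSURE_WORDS & set(re.findall(r"[a-z]+", msg.get("Subject", "").lower()))
    if pressure:
        findings.append("pressure wording in subject: " + ", ".join(sorted(pressure)))
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment type: {name}")
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for host in re.findall(r"https?://([^/\s:]+)", body):
                if (hit := lookalike_of(host.lower())):
                    findings.append(f"link host {host} imitates {hit}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = ('From: "My Bank Security" <alerts@rnybank.example>\n'
          "Subject: URGENT: verify your account immediately\n"
          'Content-Type: multipart/mixed; boundary="b1"\n\n--b1\nContent-Type: text/plain\n\n'
          "Confirm your details at http://mybamk.example/login\n--b1\nContent-Type: text/html\n"
          'Content-Disposition: attachment; filename="invoice.html"\n\n<html></html>\n--b1--\n')
```

Calling `phishing_indicators(SAMPLE)` returns one finding per warning sign. The edit-distance threshold of 2 is deliberately loose and will produce false positives on short domains, so treat the output as a prompt for human review.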
How to Safeguard Your Organization from Phishing Emails
Phishing and other cyberattacks are a part of doing business in this new century, so businesses need to take appropriate measures to protect themselves, their employees, their customers and — most importantly — their data.
1. Empower Employees with Education
Keep your staff apprised of new threats and ensure they understand the importance of cybersecurity best practices.
The U.S. Department of Homeland Security has a Cyberawareness Division that posts updated educational material, but your business should craft cybersecurity awareness training that deals with specifics, such as:
- Misleading email addresses
- Subject lines with threatening or enticing verbiage
- Suspicious links or attachments
It’s also important that employees follow a set protocol once they’ve determined an email is part of a phishing scam.
2. Use Two-Factor Authentication
Two-factor authentication (2FA) is a way of adding another step to the typical log-in procedure to increase security and prevent unauthorized access.
With 2FA in place, cybercriminals who want to break in must also gain access to the tokens placed on the device by the authentication mechanism, or to a physical component of the login, like a SecurID fob.
However, employees must be careful not to inadvertently allow hackers to bypass 2FA by responding to an “account recovery” email.
3. Avoid Removable Media
There are many types of removable media such as USB drives, smartphones, SD cards, and optical and legacy media. With the exception of smartphones, these devices are largely used for storage and file transfer.
However, if not properly managed, they are a vector for malware, since malicious software spreads easily via removable media.
4. Protect Your Infrastructure
Most importantly, businesses should focus significant efforts on providing appropriate cybersecurity protections to their hardware and software. This is accomplished, in part, by a strong firewall and by keeping all software and hardware components up to date with the latest security patches and software releases.
Additionally, antivirus software should be installed and maintained, and data should be backed up in redundant locations so that it is easily recovered in the case of disaster, theft, or loss.
Kelley Connect – Your Cybersecurity Experts in Seattle, Washington
Kelley Connect’s more than 40 years of providing businesses in the Seattle, Washington area with next-level cybersecurity protection gives us first-hand knowledge of the cybersecurity challenges facing local businesses.
Our team of experts taps into this wealth of understanding to more fully understand — and meet — the critical needs of clients. Armed with the latest expertise and technologies, they can help you attain the greatest possible level of protection for your critical data.
If your business is looking for the latest in state-of-the-art protection from cyberattacks and other security breaches, get in touch with one of Kelley Connect’s consultants today.