In honor of cybersecurity month, it is important to mention one of the leading factors in successful cyberattacks: phishing. 90% of breaches and cyberattacks today include an element of phishing. Phishing is a practice that is used by cybercriminals and external threats to attempt to steal sensitive information from companies, governments and individual people. With improved education and training over the past few years, employees and people in general have gotten better at recognizing phishing; there’s still a large percentage of people who cannot recognize simple phishing attempts and this is an issue for companies worldwide. In order for companies to prevent phishing, employees must be competent enough to know about, recognize and take the right steps when confronted with a possible phishing attempt.
First, employees should know the basics of phishing. At its core, phishing is simply an attempt to lure individuals into giving up their personal data such as usernames, passwords, credit card numbers, etc. It’s a form of identity theft that hackers use to penetrate an organization or institution. It’s important for companies to educate employees on a regular basis (biannually, yearly etc.) to make sure that they’re competent enough to identify and assess a phishing attempt. Most training programs give employees several modules to apply their phishing knowledge to simulated, mock-phishing scenarios.
Types of phishing:
So what types of phishing attacks there? There are several main categories that cover the majority of phishing attacks.
Clone phishing: Clone phishing uses a legitimate, previous email that contained an attachment to fool the recipient into downloading malicious content. This phishing is more deceptive than other forms because it uses a real, previous conversation and the hacker intercepts it and acts like the person who sent the email. The hacker may claim they’re resending an attachment or an updated version. Ways to prevent this include using anti-spam filters and using firewalls.
Whale phishing: Whale phishing is aimed more at affluent and wealthy prospects. Due to the individual’s wealth or status, they’re considered “whales” or “big phishes”. This can include company executives or any other senior leadership within an organization. This attacks are personalized and well-crafted to make it harder for victims to notice.
Spear phishing: Spear phishing is an advanced form of regular phishing. In regular phishing, the attack is general and mass-produced; in contrast, spear phishing is more personalized and the hacker uses personal information to seem more legit. This can include information that a person has shared on the internet. The goal of this is to lure them into downloading malicious content and/or malware.
- Educating employees: Having a trained, competent workforce is the best defense against phishing. Continuous training your staff to ensure they’re phishing knowledge is up to date will be the best prevention against phishing for your company.
- Encrypt all sensitive information: Encryption serves as another layer of protection in case a phishing attempt is successful. This a great way to mitigate any damage in the event that your organization is penetrated by external threats
- Employ a web filter against malicious sites: Many organizations have used filters on their intranet to block access to certain sites. This filter can also be utilized to prevent spam-filled and malicious sites that try to get employees to download files.
- Be up to date: Installing the latest version of updates to your software programs is a good defense against phishing. With each update, there are security patches that are fixed, so this helps improve the overall security of your company.
- Use an antivirus solution: Antivirus programs are a great defense mechanism against most threats including phishing. By using antivirus programs, you can quantify the amount of threats on your computer systems
If you’d like to learn more about phishing and how your company can combat, talk to one of our experts today for a free consultation.